Edit tour

Windows Analysis Report
Wave Browser.exe

Overview

General Information

Sample name:	Wave Browser.exe
Analysis ID:	1468666
MD5:	938c6a14b9132727c3d29951610100d0
SHA1:	189056824936b67d9bc96586f26975af0b351b27
SHA256:	7a14127890cc5f7c0d6746a55dce214c701ee111224a065ad332bd2182106c02
Infos:

Detection

Score:	45
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	32
Range:	0 - 100

Signatures

Multi AV Scanner detection for submitted file

Creates multiple autostart registry keys

Found evasive API chain checking for user administrative privileges

Maps a DLL or memory area into another process

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

EXE planting / hijacking vulnerabilities found

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Potential browser exploit detected (process start blacklist hit)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Use Short Name Path in Command Line

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

Wave Browser.exe (PID: 6632 cmdline: "C:\Users\user\Desktop\Wave Browser.exe" MD5: 938C6A14B9132727C3D29951610100D0)

SWUpdaterSetup.exe (PID: 908 cmdline: "C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" MD5: 18693249F3A283E83B8179E692FFBBA9)

SWUpdater.exe (PID: 1900 cmdline: "C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdater.exe (PID: 6388 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdaterComRegisterShell64.exe (PID: 7108 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user MD5: 10B82DC9D9A29BC4AF224981F0E1C6FE)

SWUpdaterComRegisterShell64.exe (PID: 4076 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user MD5: 10B82DC9D9A29BC4AF224981F0E1C6FE)

SWUpdaterComRegisterShell64.exe (PID: 6576 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user MD5: 10B82DC9D9A29BC4AF224981F0E1C6FE)

SWUpdater.exe (PID: 7328 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9Ins1RjRENDdGRS1CNDQ4LTQzNDAtQjY1Qi03QUYyNDVFRTc5MEN9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezVEOUEyNUNELTJDQkQtNDIxMS1CM0MzLTIxMEREQzcxNjk4MH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjEzMy4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTAxNiIvPjwvYXBwPjwvcmVxdWVzdD4 MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdater.exe (PID: 7344 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{5F4D47FE-B448-4340-B65B-7AF245EE790C}" MD5: 57428456C6E6C2EA328C864681DB5DF3)

iexplore.exe (PID: 7944 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)

iexplore.exe (PID: 8000 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:17410 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)

ie_to_edge_stub.exe (PID: 8072 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=404b2 MD5: 89CF8972D683795DAB6901BC9456675D)

msedge.exe (PID: 8124 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=404b2 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6580 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=2004,i,3718953657744578865,13232452162775934316,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

ssvagent.exe (PID: 8108 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)

iexplore.exe (PID: 8428 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:17414 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)

iexplore.exe (PID: 1364 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:82952 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)

iexplore.exe (PID: 8132 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:17420 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)

iexplore.exe (PID: 3428 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:82962 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)

iexplore.exe (PID: 8360 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)

iexplore.exe (PID: 7360 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)

iexplore.exe (PID: 2172 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)

iexplore.exe (PID: 7292 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)

iexplore.exe (PID: 9176 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)

SWUpdater.exe (PID: 6748 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /c MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdater.exe (PID: 6752 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /cr MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdater.exe (PID: 5744 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ua /installsource core MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdater.exe (PID: 7084 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ua /installsource scheduler MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdater.exe (PID: 7260 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /registermsihelper MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdater.exe (PID: 7412 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /uninstall MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdater.exe (PID: 7592 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswRjU4QTAwRC00MTc1LTREODctQUIwMi1FRTlCMTQ0OTczNjF9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJ1bmluc3RhbGwiIHJlcXVlc3RpZD0ie0IwNEYxMzYzLTQxQTgtNDg2RS1BOTU4LTEzMUZDNTcwRTEwOH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RUIxNDlBRDItQ0U0RS00RjUxLUI3RkMtQTE0OUZBQTRDQ0FGfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSI0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdater.exe (PID: 5764 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswRjU4QTAwRC00MTc1LTREODctQUIwMi1FRTlCMTQ0OTczNjF9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJ1bmluc3RhbGwiIHJlcXVlc3RpZD0iezMyNzQ0Q0IzLUQ3M0EtNEQ5NC1BMkIyLUM1ODIwNUE0NDJBQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iMS4zLjEzMy4wIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdater.exe (PID: 8760 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /unregserver MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdaterComRegisterShell64.exe (PID: 7212 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user /unregister MD5: 10B82DC9D9A29BC4AF224981F0E1C6FE)

SWUpdaterComRegisterShell64.exe (PID: 6912 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user /unregister MD5: 10B82DC9D9A29BC4AF224981F0E1C6FE)

SWUpdaterCore.exe (PID: 7716 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe" MD5: D40BD627BFB2BA39C5452A71A450EABD)

SWUpdater.exe (PID: 7756 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /c MD5: 57428456C6E6C2EA328C864681DB5DF3)

SWUpdaterCore.exe (PID: 7928 cmdline: "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe" MD5: D40BD627BFB2BA39C5452A71A450EABD)

msedge.exe (PID: 6988 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=404b2 --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7816 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8460 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5880 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

identity_helper.exe (PID: 8700 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)

identity_helper.exe (PID: 8720 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)

msedge.exe (PID: 9152 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8556 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2040,i,9846940053479223879,3976424785995044148,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8160 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9036 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2004,i,761526046158747839,15104522579484344094,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe", EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe, ProcessId: 1900, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wavesor SWUpdater

Sigma detected: Use Short Name Path in Command Line

Source: Process started

Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine|base64offset|contains: w, Image: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, NewProcessName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, OriginalFileName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, ParentCommandLine: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:17410 /prefetch:2, ParentImage: C:\Program Files (x86)\Internet Explorer\iexplore.exe, ParentProcessId: 8000, ParentProcessName: iexplore.exe, ProcessCommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, ProcessId: 8108, ProcessName: ssvagent.exe

Sigma detected: Modification of IE Registry Settings

Source: Registry Key set

Author: frack113: Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Program Files\Internet Explorer\iexplore.exe, ProcessId: 7944, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Wave Browser.exe

Virustotal: Detection: 10%

Perma Link

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterSetup.exe	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	EXE: SWUpdater.exe
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdater.exe	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\Download\{EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}\1.3.16.5\WaveInstaller-v1.3.16.5.exe
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterBroker.exe	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\Install\{DF7E1C1A-4867-4899-A0E8-C8CB671FD3D1}\WaveInstaller-v1.3.16.5.exe
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterOnDemand.exe	Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterSetup.exe	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	EXE: SWUpdater.exe
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdater.exe	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\Download\{EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}\1.3.16.5\WaveInstaller-v1.3.16.5.exe
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterBroker.exe	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\Install\{DF7E1C1A-4867-4899-A0E8-C8CB671FD3D1}\WaveInstaller-v1.3.16.5.exe
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	EXE: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterOnDemand.exe	Jump to behavior

Uses 32bit PE files

Source: Wave Browser.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

PE / OLE file has a valid certificate

Source: Wave Browser.exe

Static PE information: certificate valid

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: Wave Browser.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: SWUpdaterComRegisterShell64_unsigned.pdbP source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738588150.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterComRegisterShell64.exe, 00000004.00000000.1741960503.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000004.00000002.1742702646.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000005.00000000.1742955987.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000005.00000002.1743564119.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000006.00000000.1743802096.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000006.00000002.1744612123.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000032.00000002.2489252047.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000032.00000000.2487737954.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000033.00000000.2489781316.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000033.00000002.2494623269.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: psmachine_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739428499.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SWUpdaterCore_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738388621.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738545852.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterCore.exe, 00000012.00000000.1865393070.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000012.00000002.1872419615.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000016.00000000.1946044712.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000016.00000002.1946622318.000000000089D000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: SWUpdaterComRegisterShell64_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738588150.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterComRegisterShell64.exe, 00000004.00000000.1741960503.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000004.00000002.1742702646.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000005.00000000.1742955987.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000005.00000002.1743564119.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000006.00000000.1743802096.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000006.00000002.1744612123.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000032.00000002.2489252047.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000032.00000000.2487737954.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000033.00000000.2489781316.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000033.00000002.2494623269.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: D:\code\test\Plugins\inetc.pdb source: Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psuser_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739055852.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, psuser.dll.2.dr
Source:	Binary string: SWUpdater_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000000.1736030007.0000000000641000.00000020.00000001.01000000.0000000F.sdmp, SWUpdater.exe, 00000002.00000003.1737496383.0000000000FC4000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739671737.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000003.00000002.1746039937.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000007.00000000.1745569954.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000008.00000002.1779830130.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000009.00000002.1806143853.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 0000000A.00000002.1755368191.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 0000000C.00000002.1759430979.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 0000000D.00000002.2087500459.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 0000000E.00000002.3098537873.0000000000C31000.00000020.00000001.01000000.00000022.sdmp, SWUpdater.exe, 0000000F.00000000.1778826031.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000010.00000002.2157396726.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000013.00000002.1872396760.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000027.00000002.2482941996.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000031.00000000.2486646354.0000000000C31000.00000020.00000001.01000000.00000012.sdmp
Source:	Binary string: goopdate_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737926668.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, swupdater.dll.2.dr
Source:	Binary string: goopdate_unsigned.pdbq source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737926668.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, swupdater.dll.2.dr
Source:	Binary string: SWUpdaterBroker_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SWUpdaterCore_unsigned.pdbT source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738388621.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738545852.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterCore.exe, 00000012.00000000.1865393070.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000012.00000002.1872419615.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000016.00000000.1946044712.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000016.00000002.1946622318.000000000089D000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: psmachine_unsigned.pdbI source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739428499.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psmachine_unsigned_64.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739466166.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psuser_unsigned.pdbI source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739055852.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, psuser.dll.2.dr
Source:	Binary string: mi_exe_stub.pdb source: SWUpdaterSetup.exe, 00000001.00000000.1732568290.0000000000D87000.00000002.00000001.01000000.0000000E.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110429850.0000000000D87000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: SWUpdaterOnDemand_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740605908.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psuser_unsigned_64.pdbE source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psmachine_unsigned_64.pdbE source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739466166.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: swupdaterres_unsigned_en.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004BF000.00000004.00000010.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F30000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1738879717.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000008.00000002.1780255860.0000000001250000.00000002.00000001.00040000.00000019.sdmp, SWUpdater.exe, 0000000A.00000002.1755764745.0000000000C80000.00000002.00000001.00040000.00000019.sdmp, SWUpdater.exe, 0000000E.00000002.3098905569.00000000011F0000.00000002.00000001.00040000.00000023.sdmp, swupdaterres_en.dll.2.dr
Source:	Binary string: psuser_unsigned_64.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp

Spreading

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior

Source: C:\Users\user\Desktop\Wave Browser.exe	Code function: 0_2_0040626D FindFirstFileA,FindClose,	0_2_0040626D
Source: C:\Users\user\Desktop\Wave Browser.exe	Code function: 0_2_00405732 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405732
Source: C:\Users\user\Desktop\Wave Browser.exe	Code function: 0_2_004026FE FindFirstFileA,	0_2_004026FE
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B35404CC FindFirstFileExW,	4_2_00007FF6B35404CC

Software Vulnerabilities

Potential browser exploit detected (process start blacklist hit)

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

Networking

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 2.23.209.149 2.23.209.149
Source: Joe Sandbox View	IP Address: 13.107.246.42 13.107.246.42
Source: Joe Sandbox View	IP Address: 151.101.129.108 151.101.129.108
Source: Joe Sandbox View	IP Address: 152.195.19.97 152.195.19.97

Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
Source: SWUpdater.exe, 0000000E.00000003.2798252352.0000000001339000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: <data name="install" status="ok" index="1">{"homepage":"","homepage_is_newtabpage":true,"browser":{"show_home_button":true,"default_browser_setting_enabled":true},"distribution":{"suppress_first_run_bubble":true,"suppress_first_run_default_browser_prompt":true,"welcome_page_on_os_upgrade_enabled":false,"do_not_register_for_update_launch":true},"first_run_tabs":["chrome://newtab/"],"default_search_provider_data":{"template_url_data":{"created_by_policy":false,"favicon_url":"http://www.yahoo.com/favicon.ico","id":"26","input_encodings":["UTF-8"],"keyword":"WaveBrowser search","prepopulate_id":26,"safe_for_autoreplace":true,"search_terms_replacement_key":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_url_post_params":"","url":"https://api.wavebrowserbase.com/search/yhs","usage_count":0}},"default_apps":"install","variations_compressed_seed":"H4sIAAAAAAAA/32QwUrDQBCGEz1Upi0tC1KbWimiWC/FBE3j1baKORrQq5vuhC6kG91sqn0Er4LvK1WDiZg9LvPN/t/8MBife7bHIhw7NkWbRpHHQgfdueOe2ZcOUvJuQn/2qlAKGgcoVyg3L5HyRKSBytjaM/0TqM0EDWNkbRZasFfF+0PYmfL0mzRCi1STdahNMaJZrNrGXZPU7JEzckfOYHtoPJpfUrfLp0Sq/AOtlLGRquJLUmwjVUnqpd5MsK5k8pKivMmoZJyKYMExZrnRUbGmDuz+C/vHpY46pALTu3yYcPCzd41UZRLTe57ykMdcrXOfYbGhHnQrF/zTUkU9okHrWq9nIJNEKJnEExQKZa6yX6ymBc0S5PdLlbTIn7E+cgGtB7rCYL7AJeZ53eLpDYBfwrdKtzZIcaZNOtyyLz4Bwrb761EDAAA=","variations_seed_signature":"MEQCIExuFpavgcP2hwxz4h9WJErAMdcZNc+bwhNirHP+6Kp/AiBaxCcxY9FATvg/MH6P21S90qm equals www.yahoo.com (Yahoo)
Source: SWUpdater.exe, 0000000E.00000003.2793395202.0000000001339000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: <data name="install" status="ok" index="1">{"homepage":"","homepage_is_newtabpage":true,"browser":{"show_home_button":true,"default_browser_setting_enabled":true},"distribution":{"suppress_first_run_bubble":true,"suppress_first_run_default_browser_prompt":true,"welcome_page_on_os_upgrade_enabled":false,"do_not_register_for_update_launch":true},"first_run_tabs":["chrome://newtab/"],"default_search_provider_data":{"template_url_data":{"created_by_policy":false,"favicon_url":"http://www.yahoo.com/favicon.ico","id":"26","input_encodings":["UTF-8"],"keyword":"WaveBrowser search","prepopulate_id":26,"safe_for_autoreplace":true,"search_terms_replacement_key":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_url_post_params":"","url":"https://api.wavebrowserbase.com/search/yhs","usage_count":0}},"default_apps":"install","variations_compressed_seed":"H4sIAAAAAAAA/32QwUrDQBCGEz1Upi0tC1KbWimiWC/FBE3j1baKORrQq5vuhC6kG91sqn0Er4LvK1WDiZg9LvPN/t/8MBife7bHIhw7NkWbRpHHQgfdueOe2ZcOUvJuQn/2qlAKGgcoVyg3L5HyRKSBytjaM/0TqM0EDWNkbRZasFfF+0PYmfL0mzRCi1STdahNMaJZrNrGXZPU7JEzckfOYHtoPJpfUrfLp0Sq/AOtlLGRquJLUmwjVUnqpd5MsK5k8pKivMmoZJyKYMExZrnRUbGmDuz+C/vHpY46pALTu3yYcPCzd41UZRLTe57ykMdcrXOfYbGhHnQrF/zTUkU9okHrWq9nIJNEKJnEExQKZa6yX6ymBc0S5PdLlbTIn7E+cgGtB7rCYL7AJeZ53eLpDYBfwrdKtzZIcaZNOtyyLz4Bwrb761EDAAA=","variations_seed_signature":"MEQCIExuFpavgcP2hwxz4h9WJErAMdcZNc+bwhNirHP+6Kp/AiBaxCcxY9FATvg/MH6P21S90qmc3+rldyGha6/pPEGC+g=="}</data> equals www.yahoo.com (Yahoo)
Source: me[1].json.48.dr	String found in binary or memory: My New Book! How to Draw Fun Stuff! https://amzn.to/3EEIx8F Drawing lifelike portraits with precision (Elvis Presley). Satsifying technique with a 4B pencil on 110lb cardstock. Like and Subscribe if you enjoyed this drawing video: https://www.youtube.com/@JonathanStephenHarris As always thank you for watching and make sure you are notified for future updates by ringing that bell next to the subscribe button! :) ---------------------------------------------------------------------------------------------------------- Other ways to support this channel: equals www.youtube.com (Youtube)
Source: iexplore.exe, 00000017.00000002.3522431981.000001A0A6120000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522431981.000001A0A6129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x4e7a20c1,0x01dad04b</date><accdate>0x4e7a20c1,0x01dad04b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: me[1].json.48.dr	String found in binary or memory: FACEBOOK: https://www.facebook.com/JonathanStephenHarrisOfficial/ equals www.facebook.com (Facebook)
Source: me[1].json.48.dr	String found in binary or memory: MY WEBSITE: http://www.jshcreates.com #PortraitArt #PortraitDrawing #PencilDrawing","url":"https://www.youtube.com/watch?v=u74qDcpxXk0","locale":"en-us","videoMetadata":{"playTime":658,"viewCount":1,"motionThumbnailUrl":"https://th.bing.com/th?id=OMB1.u27aIbbdK5um4w_1710590836&pid=2.1","channelPageUrl":"https://www.youtube.com/channel/UCp4ScbYr7qCOFpXwa6VaAkw","channelTitle":"Jon Harris","domain":"youtube.com","mediaUniqueId":"E3A69B2BDDB621DA6EBBE3A69B2BDDB621DA6EBB","allowEmbed":true,"allowHttpsEmbed":true,"allowMobileEmbed":true},"externalVideoFiles":[{"url":"","width":1920,"height":1080}],"publishedDateTime":"1/31/2024 4:00:39 PM","isFeatured":false,"images":[{"width":1920,"height":1080,"url":"https://th.bing.com/th?id=OVP.9A-pFe7yeEbzBXpRLwSfygEsDh","title":"Drawing Lifelike Portraits with Precision \| Elvis Presley","caption":"Drawing Lifelike Portraits with Precision \| Elvis Presley","source":"bing"}],"colorSamples":[{"isDarkMode":true,"hexColor":"#253D3B"},{"isDarkMode":false,"hexColor":"#EAF5F5"}],"provider":{"id":"vid-26mmg0by88bgjh5nyy22imrjtv6hq9gv0qhak46vshvxxnc98tka","name":"Jon Harris","logoUrl":"https://www.bing.com/th?id=AR_e1aad59e9b84f32b322c4036057c9f3d"},"category":"news","reactionSummary":{"totalCount":105,"subReactionSummaries":[{"totalCount":58,"type":"downvote"},{"totalCount":47,"type":"upvote"}]},"reactionStatus":"on","commentSummary":{"totalCount":0},"commentStatus":"on","subscriptionProductType":"undefined","feed":{"feedName":"news"},"topics":[],"isWorkNewsContent":false,"reasons":[{"type":"followTopic","follow":{"id":"Y_414a7c40-a373-4025-b4ce-e9502e9e17ed","name":"Entertainment","time":"2022-02-23T21:08:20Z"}},{"type":"explore","rank":1,"follow":{"id":"","name":"entertainment","time":""}}],"ri":"313","recoId":"qV4Rh_Owcb2kkWNG4kwNoU3rQm","source":"WebVideo"},{"id":"AA1fu1yB","type":"article","title":"10 Hard Anime That Are Worth Getting Into","abstract":"From complex titles like LOTGH to long-running series like One Piece, many anime are difficult to get into equals www.youtube.com (Youtube)
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URLhttp://www.facebook.com/ equals www.facebook.com (Facebook)
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URLhttp://www.twitter.com/ equals www.twitter.com (Twitter)
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URLhttp://www.youtube.com/ equals www.youtube.com (Youtube)
Source: SWUpdater.exe, 0000000E.00000002.3099783546.0000000001363000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: _for_update_launch":true},"first_run_tabs":["chrome://newtab/"],"default_search_provider_data":{"template_url_data":{"created_by_policy":false,"favicon_url":"http://www.yahoo.com/favicon.ico","id":"26","input_encodings":["UTF-8"],"keyword":"WaveBrowser search","prepopulate_id":26,"safe_for_autoreplace":true,"search_terms_replacement_key":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_ur equals www.yahoo.com (Yahoo)
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.facebook.com/; equals www.facebook.com (Facebook)
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.facebook.com/favicon.ico equals www.facebook.com (Facebook)
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.myspace.com/favicon.ico& equals www.myspace.com (Myspace)
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rambler.ru/favicon.ico equals www.rambler.ru (Rambler)
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rambler.ru/m equals www.rambler.ru (Rambler)
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.twitter.com/ equals www.twitter.com (Twitter)
Source: SWUpdater.exe, 0000000E.00000003.2795246763.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099433056.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798459692.0000000001301000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.ico","id":"26","input_encodings":["UTF-8"], equals www.yahoo.com (Yahoo)
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/ equals www.youtube.com (Youtube)
Source: iexplore.exe, 00000017.00000002.3522761477.000001A0A64C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/p equals www.youtube.com (Youtube)
Source: SWUpdater.exe, 0000000E.00000003.2790429232.0000000004340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: {"homepage":"","homepage_is_newtabpage":true,"browser":{"show_home_button":true,"default_browser_setting_enabled":true},"distribution":{"suppress_first_run_bubble":true,"suppress_first_run_default_browser_prompt":true,"welcome_page_on_os_upgrade_enabled":false,"do_not_register_for_update_launch":true},"first_run_tabs":["chrome://newtab/"],"default_search_provider_data":{"template_url_data":{"created_by_policy":false,"favicon_url":"http://www.yahoo.com/favicon.ico","id":"26","input_encodings":["UTF-8"],"keyword":"WaveBrowser search","prepopulate_id":26,"safe_for_autoreplace":true,"search_terms_replacement_key":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_url_post_params":"","url":"https://api.wavebrowserbase.co equals www.yahoo.com (Yahoo)
Source: SWUpdater.exe, 0000000E.00000003.2790429232.0000000004340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: {"homepage":"","homepage_is_newtabpage":true,"browser":{"show_home_button":true,"default_browser_setting_enabled":true},"distribution":{"suppress_first_run_bubble":true,"suppress_first_run_default_browser_prompt":true,"welcome_page_on_os_upgrade_enabled":false,"do_not_register_for_update_launch":true},"first_run_tabs":["chrome://newtab/"],"default_search_provider_data":{"template_url_data":{"created_by_policy":false,"favicon_url":"http://www.yahoo.com/favicon.ico","id":"26","input_encodings":["UTF-8"],"keyword":"WaveBrowser search","prepopulate_id":26,"safe_for_autoreplace":true,"search_terms_replacement_key":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_url_post_params":"","url":"https://api.wavebrowserbase.com/search/yhs","usage_count":0}},"default_apps":"install","variations_compressed_seed":"H4sIAAAAAAAA/32QwUrDQBCGEz1Upi0tC1KbWimiWC/FBE3j1baKORrQq5vuhC6kG91sqn0Er4LvK1WDiZg9LvPN/t/8MBife7bHIhw7NkWbRpHHQgfdueOe2ZcOUvJuQn/2qlAKGgcoVyg3L5HyRKSBytjaM/0TqM0EDWNkbRZasFfF+0PYmfL0mzRCi1STdahNMaJZrNrGXZPU7JEzckfOYHtoPJpfUrfLp0Sq/AOtlLGRquJLUmwjVUnqpd5MsK5k8pKivMmoZJyKYMExZrnRUbGmDuz+C/vHpY46pALTu3yYcPCzd41UZRLTe57ykMdcrXOfYbGhHnQrF/zTUkU9okHrWq9nIJNEKJnEExQKZa6yX6ymBc0S5PdLlbTIn7E+cgGtB7rCYL7AJeZ53eLpDYBfwrdKtzZIcaZNOtyyLz4Bwrb761EDAAA=","variations_seed_signature":"MEQCIExuFpavgcP2hwxz4h9WJErAMdcZNc+bwhNirHP+6Kp/AiBaxCcxY9FATvg/MH6P21S90qmc3+rldyGha6/pPEGC+g=="}t equals www.yahoo.com (Yahoo)

Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://amazon.fr/&
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ariadna.elmundo.es/5
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ariadna.elmundo.es/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arianna.libero.it/d
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arianna.libero.it/favicon.icoW
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://asp.usatoday.com/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://asp.usatoday.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://asp.usatoday.com/favicon.ico&
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://auone.jp/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://br.search.yahoo.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://browse.guardian.co.uk/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://browse.guardian.co.uk/favicon.icog
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://busca.buscape.com.br/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://busca.buscape.com.br/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://busca.estadao.com.br/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://busca.igbusca.com.br/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.icou
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://busca.orange.es/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://busca.uol.com.br/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://busca.uol.com.br/H
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://busca.uol.com.br/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://buscador.lycos.es/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://buscador.terra.com.br/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://buscador.terra.com/
Source: iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://buscador.terra.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://buscador.terra.com/favicon.icod
Source: iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://buscador.terra.com/favicon.icok
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://buscador.terra.es/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://buscar.ozu.es/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://buscar.ya.com/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://busqueda.aol.com.mx/
Source: Wave Browser.exe, 00000000.00000002.3120195749.0000000002818000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740172913.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740136023.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F35000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1739797957.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737789046.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739428499.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740569385.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739259584.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Wave Browser.exe, 00000000.00000003.1724192151.0000000002753000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676787979.0000000002757000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Wave Browser.exe, 00000000.00000003.1675148752.0000000002755000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675908086.0000000002754000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1735930762.0000000000882000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740099786.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F35000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1739797957.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Wave Browser.exe, 00000000.00000002.3120195749.0000000002818000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740172913.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740136023.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F35000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1739797957.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737789046.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739428499.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740569385.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739259584.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Wave Browser.exe, 00000000.00000003.1724192151.0000000002753000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676787979.0000000002757000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3120195749.0000000002818000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Wave Browser.exe, 00000000.00000003.1675148752.0000000002755000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675908086.0000000002754000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1735930762.0000000000882000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740099786.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740172913.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cerca.lycos.it/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cgi.search.biglobe.ne.jp/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015469461.000001A0A3156000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://clients5.google.com/complete/search?hl=
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cnet.search.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015574156.000001A0A3175000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3176000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://corp.naukri.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://corp.naukri.com/favicon.ico
Source: Wave Browser.exe, 00000000.00000003.1724192151.0000000002753000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676787979.0000000002757000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675148752.0000000002755000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675908086.0000000002754000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: Wave Browser.exe, 00000000.00000002.3120195749.0000000002818000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740172913.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740136023.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F35000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1739797957.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737789046.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739428499.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740569385.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739259584.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Wave Browser.exe, 00000000.00000003.1724192151.0000000002753000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676787979.0000000002757000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Wave Browser.exe, 00000000.00000003.1675148752.0000000002755000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675908086.0000000002754000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1735930762.0000000000882000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740099786.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F35000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1739797957.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Wave Browser.exe, 00000000.00000002.3120195749.0000000002818000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740172913.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740136023.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F35000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1739797957.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737789046.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739428499.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740569385.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739259584.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SWUpdater.exe, 0000000E.00000002.3098905569.00000000011F5000.00000002.00000001.00040000.00000023.sdmp, Wave Browser.exe, psuser.dll.2.dr, swupdaterres_en.dll.2.dr, swupdater.dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Wave Browser.exe, 00000000.00000003.1724192151.0000000002753000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676787979.0000000002757000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Wave Browser.exe, 00000000.00000003.1675148752.0000000002755000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675908086.0000000002754000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1735930762.0000000000882000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740099786.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F35000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1739797957.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Wave Browser.exe, 00000000.00000003.1724192151.0000000002753000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676787979.0000000002757000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675148752.0000000002755000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675908086.0000000002754000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://de.search.yahoo.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://es.ask.com/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://es.search.yahoo.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://es.search.yahoo.com/B
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://esearch.rakuten.co.jp/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://espanol.search.yahoo.com/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://espn.go.com/favicon.icoE
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://find.joins.com/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fr.search.yahoo.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fr.search.yahoo.com/f
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.pchome.com.tw/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.pchome.com.tw/L
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://home.altervista.org/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://home.altervista.org/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ie.search.yahoo.com/os?command=
Source: iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ie8.ebay.com/open
Source: iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico1
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://images.monster.com/favicon.icoO
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.atlas.cz/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015469461.000001A0A3156000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://in.search.yahoo.com/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://it.search.dada.net/-
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://it.search.dada.net/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://it.search.yahoo.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://jobsearch.monster.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kr.search.yahoo.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://list.taobao.com/
Source: iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&q=
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&q=
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://msk.afisha.ru/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://msk.afisha.ru/9
Source: Wave Browser.exe, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Wave Browser.exe, 00000000.00000000.1662723487.0000000000409000.00000008.00000001.01000000.00000003.sdmp, WaveInstaller-v1.3.16.5.exe0.14.dr	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Wave Browser.exe, 00000000.00000000.1662723487.0000000000409000.00000008.00000001.01000000.00000003.sdmp, WaveInstaller-v1.3.16.5.exe0.14.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocnsearch.goo.ne.jp/E
Source: Wave Browser.exe, 00000000.00000003.1724192151.0000000002753000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676787979.0000000002757000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Wave Browser.exe, 00000000.00000003.1675148752.0000000002755000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675908086.0000000002754000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1735930762.0000000000882000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740099786.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F35000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1739797957.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: Wave Browser.exe, 00000000.00000003.1724192151.0000000002753000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676787979.0000000002757000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3120195749.0000000002818000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Wave Browser.exe, 00000000.00000003.1675148752.0000000002755000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675908086.0000000002754000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1735930762.0000000000882000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740099786.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740172913.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: Wave Browser.exe, 00000000.00000002.3120195749.0000000002818000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740172913.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740136023.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F35000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1739797957.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737789046.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739428499.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740569385.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739259584.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: Wave Browser.exe, 00000000.00000002.3120195749.0000000002818000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740172913.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740136023.0000000000FEB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F35000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1739797957.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737789046.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739428499.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740569385.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739259584.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: Wave Browser.exe, 00000000.00000003.1724192151.0000000002753000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676787979.0000000002757000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675148752.0000000002755000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675908086.0000000002754000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://openimage.interpark.com/interpark.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p.zhongsou.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://p.zhongsou.com/favicon.ico
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://price.ru/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://price.ru/H
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://price.ru/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://price.ru/favicon.icoY
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://recherche.linternaute.com/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://recherche.tf1.fr/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://recherche.tf1.fr/0
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://recherche.tf1.fr/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://rover.ebay.comw
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ru.search.yahoo.com
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sads.myspace.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search-dyn.tiscali.it/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.about.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.alice.it/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.alice.it/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.aol.co.uk/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.aol.com/M
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.aol.in/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.atlas.cz/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.auction.co.kr/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.auone.jp/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.auone.jp/2
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.books.com.tw/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.books.com.tw/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.centrum.cz/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.centrum.cz/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.chol.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.chol.com/favicon.ico
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.cn.yahoo.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.cn.yahoo.com/t
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.daum.net/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.daum.net/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.daum.net/u
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.dreamwiz.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.dreamwiz.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.dreamwiz.com/v
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ebay.co.uk/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ebay.com/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ebay.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ebay.com/favicon.icoJ
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ebay.com/favicon.icot
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ebay.de/G
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ebay.es/A
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ebay.fr/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ebay.in/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ebay.it/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.empas.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.empas.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.empas.com/favicon.icoL
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.espn.go.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.gamer.com.tw/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.gamer.com.tw/favicon.ico
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.gismeteo.ru/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.gismeteo.ru/g
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.goo.ne.jp/
Source: iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.goo.ne.jp/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.goo.ne.jp/favicon.icou
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.hanafos.com/
Source: iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.hanafos.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.interpark.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.interpark.com/t
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ipop.co.kr/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ipop.co.kr/K
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.ipop.co.kr/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3140000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&q=
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&q=
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&q=
Source: iexplore.exe, 00000017.00000002.3516401707.000001A0A04E1000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C1E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015574156.000001A0A3175000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3176000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/results.aspx?q=
Source: iexplore.exe, 00000017.00000002.3516401707.000001A0A04E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS5eCX
Source: iexplore.exe, 00000017.00000002.3516401707.000001A0A04E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS6
Source: iexplore.exe, 00000017.00000002.3516401707.000001A0A04E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=CBPW
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=IE7BOX&src=%7Breferrer:source?%7D
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&FORM=IE7RE&src=%7Breferrer:source?%7D
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&Form=IE8SRC&src=%7Breferrer:source%7D
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2BBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=%7Breferrer:source?%7D
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2BBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.live.com/results.aspx?q=%7BsearchTerms%7D&src=IE-SearchBox&Form=IE8SRC%
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.livedoor.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.livedoor.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.lycos.co.uk/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.lycos.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.lycos.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3516401707.000001A0A0472000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=AS5
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=AS6
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=CBPWd
Source: iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.co.uk/results.aspx?q=%7BsearchTerms%7D&FORM=AS5
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.co.uk/results.aspx?q=%7BsearchTerms%7D&FORM=AS6
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.co.uk/results.aspx?q=%7BsearchTerms%7D&FORM=CBPW
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.com.cn/results.aspx?q=
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2BBC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3516401707.000001A0A04E1000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3164000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.com/results.aspx?q=
Source: iexplore.exe, 00000017.00000002.3516401707.000001A0A04E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS5
Source: iexplore.exe, 00000017.00000002.3516401707.000001A0A04E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.com/results.aspx?q=%7BsearchTerms%7D&FORM=AS6
Source: iexplore.exe, 00000017.00000002.3516401707.000001A0A04E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.com/results.aspx?q=%7BsearchTerms%7D&FORM=CBPW
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.nate.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.naver.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.naver.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.nifty.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.orange.co.uk/V
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.orange.co.uk/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.rediff.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.rediff.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.seznam.cz/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.seznam.cz/favicon.ico
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.sify.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.sify.com/B
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.yahoo.co.jp
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.yahoo.co.jp/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.yahoo.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.yahoo.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.yahoo.com/favicon.icot
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&p=
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&p=
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search.yam.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search1.taobao.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://search2.estadao.com.br/l
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://searchresults.news.com.au/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://service2.bfast.com/P
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sitesearch.timesonline.co.uk/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://so-net.search.goo.ne.jp/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suche.aol.de/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suche.freenet.de/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suche.freenet.de/favicon.icoC
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suche.lycos.de/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suche.t-online.de/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suche.web.de/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suche.web.de/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://suche.web.de/l
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tw.search.yahoo.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://udn.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://udn.com/K
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://udn.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://udn.com/favicon.ico?
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://uk.ask.com/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://uk.ask.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://uk.search.yahoo.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://vachercher.lycos.fr/(
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://video.globo.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://video.globo.com/favicon.icog
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.ask.com/
Source: iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.abril.com.br/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.abril.com.br/U
Source: iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.abril.com.br/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.alarabiya.net/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.alarabiya.net/a
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.alarabiya.net/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.amazon.co.jp/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.amazon.co.uk/i
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2BBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.amazon.com/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&keyword=
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.amazon.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creativ
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.amazon.de/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aol.com/favicon.icoi
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.arrakis.com/favicon.icon
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.arrakis.com/q
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.asharqalawsat.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.asharqalawsat.com/G
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.asharqalawsat.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ask.com/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.auction.co.kr/auction.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.auction.co.kr/auction.ico?
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cdiscount.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cdiscount.com/o
Source: iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ceneo.pl/
Source: iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ceneo.pl/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ceneo.pl/favicon.icok
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ceneo.pl/s
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico##2
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cjmall.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cjmall.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clarin.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cnet.co.uk/c
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cnet.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dailymail.co.uk/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dailymail.co.uk/favicon.ico_
Source: Wave Browser.exe, 00000000.00000003.1724192151.0000000002753000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676787979.0000000002757000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Wave Browser.exe, 00000000.00000003.1675148752.0000000002755000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675908086.0000000002754000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1735930762.0000000000882000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.000000000328B000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734132508.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740099786.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740355639.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739620214.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F35000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1739797957.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.etmall.com.tw/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.etmall.com.tw/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.etmall.com.tw/favicon.icoY
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.excite.co.jp/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.expedia.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.expedia.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gismeteo.ru/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gmarket.co.kr/
Source: iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gmarket.co.kr/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.co.in/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.co.jp/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.co.uk/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com.br/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com.sa/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com.tw/
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/favicon.ico~
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.cz/
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.de/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.es/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.fr/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.it/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.pl/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.ru/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.si/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iask.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iask.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.kkbox.com.tw/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.kkbox.com.tw/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.linternaute.com/favicon.ico
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.live.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.maktoob.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mercadolibre.com.mx/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mercadolibre.com.mx/favicon.icoo
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mercadolivre.com.br/p
Source: iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.merlin.com.pl/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.merlin.com.pl/8
Source: iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.merlin.com.pl/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mtv.com/favicon.ico/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mtv.com/j?L
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.myspace.com/favicon.ico&
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.najdi.si/favicon.ico3
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.najdi.si/x
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.nate.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.neckermann.de/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.neckermann.de/j
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.news.com.au/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.nifty.com/favicon.ico
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp, msapplication.xml4.23.dr	String found in binary or memory: http://www.nytimes.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ocn.ne.jp/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.orange.fr/r
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.otto.de/favicon.icop
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ozon.ru/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ozon.ru/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ozu.es/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.paginasamarillas.es/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.paginasamarillas.es/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pchome.com.tw/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.priceminister.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.priceminister.com/favicon.icow
Source: iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rakuten.co.jp/favicon.ico
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rambler.ru/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rambler.ru/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rambler.ru/m
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.recherche.aol.fr/
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.reddit.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rtl.de/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rtl.de/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rtl.de/favicon.icol
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.servicios.clarin.com/W
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.shopzilla.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sify.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sogou.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sogou.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sogou.com/favicon.icob
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.soso.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.soso.com/favicon.ico
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.t-online.de/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.t-online.de/favicon.icoU
Source: iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.taobao.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.taobao.com/_
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.taobao.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.target.com/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.target.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.target.com/favicon.icoZ
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tchibo.de/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tchibo.de/.
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tchibo.de/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tchibo.de/favicon.icog
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tesco.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tesco.com/6
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tesco.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tesco.com/favicon.ico/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tiscali.it/favicon.ico
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.twitter.com/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.univision.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.univision.com/N
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.univision.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.univision.com/favicon.icoG
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.walmart.com/
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.walmart.com/favicon.ico
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp, msapplication.xml7.23.dr	String found in binary or memory: http://www.wikipedia.com/
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ya.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ya.com/favicon.icoy
Source: SWUpdater.exe, 0000000E.00000003.2790429232.0000000004340000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2793395202.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798343506.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2795246763.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099575406.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099433056.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798541430.0000000001360000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798252352.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798459692.0000000001301000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099783546.0000000001363000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.yam.com/favicon.ico
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522431981.000001A0A6120000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522431981.000001A0A6129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/
Source: iexplore.exe, 00000017.00000002.3522761477.000001A0A64C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/p
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www3.fnac.com/
Source: iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www3.fnac.com/favicon.ico
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015469461.000001A0A3156000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation=ItemSea
Source: iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://z.about.com/m/a08.ico
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp3c
Source: iexplore.exe, 00000017.00000003.2014518017.000001A0A332C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingcsp
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3391000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3391000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSX
Source: SWUpdater.exe, 0000000E.00000003.2790429232.0000000004340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.co
Source: Wave Browser.exe, 00000000.00000003.3118311906.00000000005B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/
Source: Wave Browser.exe, 00000000.00000003.1675108308.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119234785.000000000055F000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674919621.0000000000563000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675803860.0000000000563000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676677141.0000000000563000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674014008.0000000000563000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.000000000055F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/0
Source: Wave Browser.exe, 00000000.00000003.1967217955.00000000005B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/K
Source: Wave Browser.exe, 00000000.00000003.1663580891.0000000002755000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/
Source: Wave Browser.exe, 00000000.00000003.1674014008.0000000000593000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674014008.000000000059D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119234785.0000000000518000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675085711.0000000000594000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674919621.000000000059D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675803860.0000000000588000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119234785.0000000000588000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676677141.0000000000588000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675803860.000000000059D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676677141.000000000059D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.0000000000588000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119234785.000000000059D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.000000000059D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/0/status/chr_stub_started?id=&v=1.4.16.2
Source: Wave Browser.exe, 00000000.00000003.1724071507.0000000000600000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3118311906.0000000000601000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119234785.0000000000588000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1967300453.0000000000600000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.0000000000588000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1967217955.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119600983.0000000000601000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_offer_accepted?id=&v=1.4.16.2&format=ini
Source: Wave Browser.exe, 00000000.00000002.3119234785.0000000000588000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.0000000000588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_offer_accepted?id=&v=1.4.16.2&format=ini1
Source: Wave Browser.exe, 00000000.00000003.3118311906.0000000000601000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1967300453.0000000000600000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1967217955.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119600983.0000000000601000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_offer_accepted?id=&v=1.4.16.2&format=iniR
Source: Wave Browser.exe, 00000000.00000002.3119234785.0000000000588000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.0000000000588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_offer_accepted?id=&v=1.4.16.2&format=inir
Source: Wave Browser.exe, 00000000.00000003.3117920074.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.00000000005AA000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3120881782.000000000470C000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119234785.0000000000588000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.0000000000588000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119600983.00000000005B7000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3118311906.00000000005B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_swupd_finished?id=&v=1.4.16.2&swexcr=0
Source: Wave Browser.exe, 00000000.00000003.3117920074.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119600983.00000000005B7000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3118311906.00000000005B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_swupd_finished?id=&v=1.4.16.2&swexcr=0.tmp
Source: Wave Browser.exe, 00000000.00000002.3120881782.000000000470C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_swupd_finished?id=&v=1.4.16.2&swexcr=07/&
Source: Wave Browser.exe, 00000000.00000002.3119234785.000000000059D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.000000000059D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_swupd_finished?id=&v=1.4.16.2&swexcr=0C
Source: Wave Browser.exe, 00000000.00000003.3117920074.00000000005AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_swupd_finished?id=&v=1.4.16.2&swexcr=0D
Source: Wave Browser.exe, 00000000.00000002.3119234785.0000000000588000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.0000000000588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_swupd_finished?id=&v=1.4.16.2&swexcr=0er
Source: Wave Browser.exe, 00000000.00000002.3119234785.0000000000588000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.0000000000588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_swupd_finished?id=&v=1.4.16.2&swexcr=0iH-
Source: Wave Browser.exe, 00000000.00000002.3119234785.000000000055F000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1967217955.00000000005B6000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3118311906.0000000000601000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1967300453.0000000000600000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119234785.000000000059D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.000000000059D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.000000000055F000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1967217955.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119600983.0000000000601000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_swupd_started?id=&v=1.4.16.2
Source: Wave Browser.exe, 00000000.00000002.3119234785.000000000055F000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3117920074.000000000055F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/15/status/chr_swupd_started?id=&v=1.4.16.2E.tmp
Source: Wave Browser.exe, 00000000.00000003.1663580891.0000000002755000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/log/imp/e/chr_offer_accepted/d/
Source: Wave Browser.exe, 00000000.00000003.1663580891.0000000002755000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/log/imp/e/chr_offer_declined/d/
Source: Wave Browser.exe, 00000000.00000003.1663580891.0000000002755000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/log/imp/e/chr_stub_started/d/
Source: Wave Browser.exe, 00000000.00000003.1967217955.00000000005B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/pData
Source: SWUpdater.exe, 0000000E.00000003.2795658632.000000000135E000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2790429232.0000000004340000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2793395202.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798343506.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099575406.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798541430.0000000001360000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798252352.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099783546.0000000001363000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/search/yhs
Source: SWUpdater.exe, 0000000E.00000003.2795246763.00000000012E8000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798459692.0000000001301000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.swupdater.com/build/WaveBrowser/stable/win/1112397578245/64/WaveInstaller-v1.3.16.5.exe
Source: SWUpdater.exe, 0000000E.00000002.3101123818.0000000005F40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.swupdater.com/build/WaveBrowser/stable/win/1112397578245/64/WaveInstaller-v1.3.16.5.exe3
Source: SWUpdater.exe, 0000000E.00000003.2795658632.000000000135E000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2790429232.0000000004340000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2793395202.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2795658632.0000000001346000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798541430.0000000001360000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2788997737.0000000005A48000.00000004.00000800.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099783546.0000000001363000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.swupdater.com:443/build/WaveBrowser/stable/win/1112397578245/64/
Source: SWUpdater.exe, 00000009.00000002.1805756226.0000000000833000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000009.00000002.1805756226.0000000000878000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.swupdater.com/
Source: SWUpdater.exe, 00000009.00000002.1805756226.0000000000854000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.swupdater.com/service/check2?Z
Source: SWUpdater.exe, 00000009.00000002.1805756226.0000000000878000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.swupdater.com/service/check2?crx3=true&appid=%7BF6F60ACE-71AD-4610-80D4-9253729FB4B
Source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737926668.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, swupdater.dll.2.dr	String found in binary or memory: https://clients2.swupdater.com/service/check2?crx3=trueCodeRedUrlRecovery&appid=%s&appversion=%s&app
Source: SWUpdater.exe, 00000009.00000002.1805756226.000000000086E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.swupdater.com/tN
Source: SWUpdater.exe, 00000009.00000002.1805756226.0000000000808000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.swupdater.com:443
Source: SWUpdater.exe, 00000009.00000002.1805756226.0000000000808000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.swupdater.com:443=
Source: SWUpdater.exe, 0000000E.00000003.2790429232.0000000004340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&
Source: SWUpdater.exe, 0000000E.00000003.2795658632.000000000135E000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2793395202.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798343506.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099575406.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798541430.0000000001360000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798252352.0000000001339000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099783546.0000000001363000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&command=
Source: SWUpdater.exe, 0000000E.00000003.2790429232.0000000004340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&command=
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.1949649966.000001A0A04E2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2014518017.000001A0A32B0000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3516401707.000001A0A04E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: Wave Browser.exe, 00000000.00000003.1724192151.0000000002753000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676787979.0000000002757000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675148752.0000000002755000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675908086.0000000002754000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: SWUpdater.exe, 00000008.00000002.1780415358.0000000001396000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000D.00000002.2086509736.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000D.00000003.1785870253.0000000000B66000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2793395202.00000000013A2000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099845355.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000010.00000003.1855365325.0000000000867000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000010.00000003.1855023922.0000000000867000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000010.00000002.2156455802.0000000000867000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000027.00000003.2180999883.0000000001389000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000027.00000002.2483840326.0000000001389000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swupdater.com/
Source: SWUpdater.exe, 0000000E.00000002.3099647848.0000000001350000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2795658632.0000000001350000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swupdater.com/.
Source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737926668.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, swupdater.dll.2.dr	String found in binary or memory: https://swupdater.com/cr/reportWavesor
Source: SWUpdater.exe, 00000010.00000003.1855365325.0000000000887000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000010.00000002.2156036458.0000000000829000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000027.00000002.2484009312.00000000013AB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000027.00000002.2483612485.0000000001349000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000027.00000003.2180999883.00000000013A7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000027.00000003.2181492818.00000000013A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swupdater.com/service/update2
Source: SWUpdater.exe, 00000008.00000002.1780415358.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swupdater.com/service/update24N
Source: SWUpdater.exe, 0000000E.00000003.2798459692.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099433056.00000000012EB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2795246763.00000000012E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swupdater.com/service/update26
Source: SWUpdater.exe, 0000000E.00000003.2795658632.000000000135E000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000003.2798541430.0000000001360000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099166175.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000E.00000002.3099783546.0000000001363000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swupdater.com/service/update2?cup2key=1:3380864876&cup2hreq=a93ee16ccc7d14a5611ee654664949ea
Source: SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739466166.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737926668.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738588150.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738388621.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738545852.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterComRegisterShell64.exe, 00000004.00000000.1741960503.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000004.00000002.1742702646.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000005.00000000.1742955987.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000005.00000002.1743564119.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000006.00000000.1743802096.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000006.00000002.1744612123.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterCore.exe, 00000012.00000000.1865393070.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000012.00000002.1872419615.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000016.00000000.1946044712.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000016.00000002.1946622318.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterComRegisterShell64.exe, 00000032.00000002.2489252047.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000032.00000000.2487737954.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000033.00000000.2489781316.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000033.00000002.2494623269.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://swupdater.com/service/update2Global
Source: SWUpdater.exe, 00000008.00000002.1780415358.000000000134E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swupdater.com/service/update2IO)
Source: SWUpdater.exe, 0000000D.00000002.2086509736.0000000000B20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swupdater.com/service/update2Ii
Source: SWUpdater.exe, 0000000E.00000002.3099166175.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swupdater.com:443
Source: SWUpdater.exe, 00000008.00000002.1780415358.0000000001323000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 0000000D.00000002.2086509736.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000010.00000002.2156036458.0000000000843000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swupdater.com:443/service/update2
Source: SWUpdater.exe, 0000000E.00000002.3099166175.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://swupdater.com:443/service/update2Z
Source: Wave Browser.exe, 00000000.00000003.3117920074.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119234785.00000000005AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wavebrowser.co/ab
Source: Wave Browser.exe, 00000000.00000003.1714139207.0000000002750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wavebrowser.co/about/
Source: Wave Browser.exe, 00000000.00000003.1677542513.0000000000605000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wavebrowser.co/about/.
Source: Wave Browser.exe, 00000000.00000002.3119234785.0000000000518000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1663580891.0000000002755000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wavebrowser.co/changelog
Source: Wave Browser.exe, 00000000.00000002.3119234785.0000000000518000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1663580891.0000000002755000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wavebrowser.co/privacy
Source: Wave Browser.exe, 00000000.00000002.3119234785.0000000000518000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1663580891.0000000002755000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wavebrowser.co/terms
Source: Wave Browser.exe, 00000000.00000002.3119234785.0000000000518000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1663580891.0000000002755000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wavebrowser.co/termshttps://wavebrowser.co/privacyhttps://wavebrowser.co/changelog
Source: Wave Browser.exe, 00000000.00000003.1714139207.0000000002750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wavebrowser.co/uninstall/
Source: Wave Browser.exe, 00000000.00000003.1713903897.0000000000606000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1677542513.0000000000605000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wavebrowser.co/uninstall/.
Source: Wave Browser.exe, 00000000.00000003.1714139207.0000000002750000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1677542513.0000000000605000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wavebrowserpro.com/pro_privacy.
Source: Wave Browser.exe, 00000000.00000003.1714139207.0000000002750000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1677542513.0000000000605000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wavebrowserpro.com/pro_terms
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A33DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6CA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.co
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A3391000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3527204355.000001A0A94A2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3520085326.000001A0A33DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/
Source: iexplore.exe, 00000017.00000002.3527204355.000001A0A94A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=8bJ
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A33DB000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A68F2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3514919841.0000000B981F0000.00000004.00000010.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517342084.000001A0A2220000.00000004.08000000.00040000.00000000.sdmp, iexplore.exe, 00000017.00000002.3520085326.000001A0A332C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3518204730.000001A0A2E08000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3518204730.000001A0A2E13000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3520085326.000001A0A344E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6B77000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6B89000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6A69000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6AD6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3516153306.0000000B99AF1000.00000004.00000010.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3527204355.000001A0A94BE000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C94000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3518204730.000001A0A2DC4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3518204730.000001A0A2DB0000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A68D0000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3520085326.000001A0A33FD000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3521834668.000001A0A5640000.00000004.08000000.00040000.00000000.sdmp, iexplore.exe, 00000017.00000002.3515818948.0000000B993F1000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A32F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp/?LinkID=403856&language=
Source: iexplore.exe, 00000017.00000002.3516401707.000001A0A0472000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp/fwlink/p/?LinkId=255141m/fwlink/p/?LinkId=255141p
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3520085326.000001A0A32AF000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3516401707.000001A0A0472000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6B99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp/p/?LinkId=255141
Source: iexplore.exe, 00000017.00000002.3516401707.000001A0A0472000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp/p/?LinkId=255141H
Source: iexplore.exe, 00000017.00000002.3516401707.000001A0A0472000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp/p/?LinkId=255141X
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6CA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp1
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp72M
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp8B2E3A
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp;3Q
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A335B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehp=
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpB2E3A
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpM=
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpMicrosoft
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A33DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpT
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6C47000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3520085326.000001A0A3384000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A69D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpTerms
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6911000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A69A7000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6BAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpX
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehparchTerms
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A335B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpd%h
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpico
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpico2
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpiehpTerms
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A33DB000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A68D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpj
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6911000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehplJ
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A33DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpm
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C67000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3520085326.000001A0A332C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A69D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehposoft
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6AF4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6911000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3527204355.000001A0A94BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpp/?LinkId=255141
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6AF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpp/?LinkId=255141ist
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6C47000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpp/?LinkId=255141q
Source: iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpp/?LinkId=255141se
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A33DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpw.msn.com/?ocid=iehp
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6B87000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3527204355.000001A0A94BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpx
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6CA4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/?ocid=iehpy
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A33DB000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6B99000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3520085326.000001A0A332C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3518204730.000001A0A2E08000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3520085326.000001A0A344E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6C25000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6A69000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6AD6000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3527204355.000001A0A94BE000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C94000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3518204730.000001A0A2DC4000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6BAB000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A68D0000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3520085326.000001A0A33FD000.00000004.00000020.00020000.00000000.sdmp, imagestore.dat.33.dr	String found in binary or memory: https://www.msn.com/favicon.ico
Source: iexplore.exe, 00000017.00000002.3522815682.000001A0A6911000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6A69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/favicon.ico:Sat:Saturday
Source: iexplore.exe, 00000017.00000002.3520085326.000001A0A32F3000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6CA0000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6AD2000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6B74000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6C21000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6A1E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C36000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3520085326.000001A0A32EF000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6980000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/spartan/ientp?locale=en-CH&market=CH&enableregulatorypsm=0&enablecpsm=0&NTLogo=0
Source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737926668.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, swupdater.dll.2.dr	String found in binary or memory: https://www.swupdater.com/support/installer/?Device

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\Wave Browser.exe

Code function: 0_2_004051CF GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004051CF

Contains functionality to modify clipboard data

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B3534968 lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,		4_2_00007FF6B3534968
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_0088770F lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,		18_2_0088770F

System Summary

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\Wave Browser.exe

Code function: 0_2_004031D6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_004031D6

Detected potential crypto function

Source: C:\Users\user\Desktop\Wave Browser.exe	Code function: 0_2_00404A0E	0_2_00404A0E
Source: C:\Users\user\Desktop\Wave Browser.exe	Code function: 0_2_004065F6	0_2_004065F6
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D82C88	1_2_00D82C88
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D7413B	1_2_00D7413B
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D78D39	1_2_00D78D39
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D83EDD	1_2_00D83EDD
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D80670	1_2_00D80670
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D82B68	1_2_00D82B68
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D80B08	1_2_00D80B08
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Code function: 2_2_006525BD	2_2_006525BD
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C425BD	3_2_00C425BD
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B353B930	4_2_00007FF6B353B930
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B3543D14	4_2_00007FF6B3543D14
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B353FCE4	4_2_00007FF6B353FCE4
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B35404CC	4_2_00007FF6B35404CC
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B353BFEC	4_2_00007FF6B353BFEC
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B35402C0	4_2_00007FF6B35402C0
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_0089C0D9	18_2_0089C0D9
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_00896288	18_2_00896288
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_008983C6	18_2_008983C6
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_0089BB60	18_2_0089BB60
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_008984E6	18_2_008984E6
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_0088ED90	18_2_0088ED90
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_00895DF0	18_2_00895DF0
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_0089973D	18_2_0089973D

Dropped file seen in connection with other malware

Source: Joe Sandbox View

Dropped File: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe EE87747102EBA8844939352740D0BB6C4A67F10C2656961CB2722CD42BA99F40

Found potential string decryption / allocating functions

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe

Code function: String function: 00889E80 appears 40 times

Sample file is different than original file name gathered from version info

Source: Wave Browser.exe, 00000000.00000002.3119106379.000000000043A000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameWave Browser8 vs Wave Browser.exe
Source: Wave Browser.exe, 00000000.00000003.1724192151.0000000002753000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamensArray.dllJ vs Wave Browser.exe
Source: Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSWUpdaterSetup.exeD vs Wave Browser.exe
Source: Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameinetc.dllF vs Wave Browser.exe
Source: Wave Browser.exe, 00000000.00000003.1675908086.0000000002754000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamensResize.dllL vs Wave Browser.exe
Source: Wave Browser.exe	Binary or memory string: OriginalFilenameWave Browser8 vs Wave Browser.exe

Uses 32bit PE files

Source: Wave Browser.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: WaveInstaller-v1.3.16.5.exe0.14.dr

Binary or memory string: g.sln;V

Source: classification engine

Classification label: mal45.evad.winEXE@121/503@0/35

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe

Code function: 1_2_00D72D52 GetLastError,GetLastError,SetLastError,SetLastError,FormatMessageW,GetLastError,SetLastError,LocalFree,

1_2_00D72D52

Source: C:\Users\user\Desktop\Wave Browser.exe

0_2_004031D6

Source: C:\Users\user\Desktop\Wave Browser.exe

Code function: 0_2_0040449B GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_0040449B

Source: C:\Users\user\Desktop\Wave Browser.exe

Code function: 0_2_004020D1 CoCreateInstance,MultiByteToWideChar,

0_2_004020D1

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe

Code function: 1_2_00D71E65 GetTempFileNameW,FindResourceW,LoadResource,LockResource,CreateFileW,SizeofResource,SetFilePointerEx,CloseHandle,

1_2_00D71E65

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe

File created: C:\Program Files (x86)\Wavesor

Jump to behavior

Source: C:\Users\user\Desktop\Wave Browser.exe

File created: C:\Users\user\Wavesor Software

Jump to behavior

Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\SWUpdaterS-1-5-21-2246122658-3693405117-2476756634-1002{0FD58F4B-4CDF-4F83-924A-ADD9B61507E8}
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\SWUpdaterS-1-5-21-2246122658-3693405117-2476756634-1002{2B637868-842E-4542-88EE-18FD04ACE853}
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\SWUpdaterS-1-5-21-2246122658-3693405117-2476756634-1002{606BC4F3-1FF7-40D4-A06E-931682CA20C0}
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\SWUpdaterS-1-5-21-2246122658-3693405117-2476756634-1002{F1AF7D1D-31D2-42E8-91B9-63C20107AFBB}
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\SWUpdaterS-1-5-21-2246122658-3693405117-2476756634-1002{C226E7AE-5ADE-4596-BD39-56D84ED23288}
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\SWUpdaterS-1-5-21-2246122658-3693405117-2476756634-1002{C7AE82B6-C983-4F6C-A60D-762D8C9FABF0}
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\SWUpdaterS-1-5-21-2246122658-3693405117-2476756634-1002{3BDDC0BC-A609-4E60-9E9A-35BC0CD05029}
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\SWUpdater{0FD58F4B-4CDF-4F83-924A-ADD9B61507E8}

Source: C:\Users\user\Desktop\Wave Browser.exe

File created: C:\Users\user\AppData\Local\Temp\nsdDC8D.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Command line argument: kernel32.dll	1_2_00D72445
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Command line argument: kernel32.dll	2_2_006469C8
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Command line argument: DllEntry	2_2_006469C8
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Command line argument: >,e	2_2_00652B90
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Command line argument: kernel32.dll	3_2_00C369C8
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Command line argument: DllEntry	3_2_00C369C8
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Command line argument: kernel32.dll	18_2_00881586

Source: Wave Browser.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Wave Browser.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Wave Browser.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Wave Browser.exe

Virustotal: Detection: 10%

Source: C:\Users\user\Desktop\Wave Browser.exe

File read: C:\Users\user\Desktop\Wave Browser.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Wave Browser.exe "C:\Users\user\Desktop\Wave Browser.exe"
Source: C:\Users\user\Desktop\Wave Browser.exe	Process created: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe "C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Process created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe "C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user
Source: unknown	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /c
Source: unknown	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ua /installsource scheduler
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /cr
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ua /installsource core
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /registermsihelper
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9Ins1RjRENDdGRS1CNDQ4LTQzNDAtQjY1Qi03QUYyNDVFRTc5MEN9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezVEOUEyNUNELTJDQkQtNDIxMS1CM0MzLTIxMEREQzcxNjk4MH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjEzMy4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTAxNiIvPjwvYXBwPjwvcmVxdWVzdD4
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{5F4D47FE-B448-4340-B65B-7AF245EE790C}"
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /uninstall
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswRjU4QTAwRC00MTc1LTREODctQUIwMi1FRTlCMTQ0OTczNjF9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJ1bmluc3RhbGwiIHJlcXVlc3RpZD0ie0IwNEYxMzYzLTQxQTgtNDg2RS1BOTU4LTEzMUZDNTcwRTEwOH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RUIxNDlBRDItQ0U0RS00RjUxLUI3RkMtQTE0OUZBQTRDQ0FGfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSI0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
Source: unknown	Process created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe"
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /c
Source: unknown	Process created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe"
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=404b2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=404b2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=2004,i,3718953657744578865,13232452162775934316,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=404b2 --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:3
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:17414 /prefetch:2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5880 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2040,i,9846940053479223879,3976424785995044148,262144 /prefetch:3
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswRjU4QTAwRC00MTc1LTREODctQUIwMi1FRTlCMTQ0OTczNjF9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJ1bmluc3RhbGwiIHJlcXVlc3RpZD0iezMyNzQ0Q0IzLUQ3M0EtNEQ5NC1BMkIyLUM1ODIwNUE0NDJBQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iMS4zLjEzMy4wIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2004,i,761526046158747839,15104522579484344094,262144 /prefetch:3
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:82952 /prefetch:2
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:17420 /prefetch:2
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:82962 /prefetch:2
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /unregserver
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user /unregister
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user /unregister
Source: C:\Users\user\Desktop\Wave Browser.exe	Process created: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe "C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Process created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe "C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9Ins1RjRENDdGRS1CNDQ4LTQzNDAtQjY1Qi03QUYyNDVFRTc5MEN9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezVEOUEyNUNELTJDQkQtNDIxMS1CM0MzLTIxMEREQzcxNjk4MH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjEzMy4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTAxNiIvPjwvYXBwPjwvcmVxdWVzdD4	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{5F4D47FE-B448-4340-B65B-7AF245EE790C}"	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /cr	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ua /installsource core	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /registermsihelper	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /uninstall	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: unknown unknown
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: unknown unknown
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: unknown unknown
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswRjU4QTAwRC00MTc1LTREODctQUIwMi1FRTlCMTQ0OTczNjF9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJ1bmluc3RhbGwiIHJlcXVlc3RpZD0ie0IwNEYxMzYzLTQxQTgtNDg2RS1BOTU4LTEzMUZDNTcwRTEwOH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RUIxNDlBRDItQ0U0RS00RjUxLUI3RkMtQTE0OUZBQTRDQ0FGfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSI0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswRjU4QTAwRC00MTc1LTREODctQUIwMi1FRTlCMTQ0OTczNjF9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJ1bmluc3RhbGwiIHJlcXVlc3RpZD0iezMyNzQ0Q0IzLUQ3M0EtNEQ5NC1BMkIyLUM1ODIwNUE0NDJBQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iMS4zLjEzMy4wIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /unregserver
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: unknown unknown
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /c
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:17410 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:17414 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:82952 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:17420 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:82962 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=404b2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=404b2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=2004,i,3718953657744578865,13232452162775934316,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5880 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=2040,i,9846940053479223879,3976424785995044148,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2004,i,761526046158747839,15104522579484344094,262144 /prefetch:3
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user /unregister
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe" /user /unregister
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: mdmregistration.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: omadmapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: dmcmnutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: iri.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: dsreg.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wldp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: version.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: userenv.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wininet.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netutils.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: profapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: winsta.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: bitsproxy.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: webio.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wldp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: version.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: userenv.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wininet.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netutils.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: profapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wldp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: version.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: userenv.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wininet.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netutils.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: profapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wldp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: version.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: userenv.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wininet.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netutils.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: profapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: webio.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: schannel.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msxml3.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wldp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: version.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: userenv.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wininet.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netutils.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: profapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: textshaping.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: mdmregistration.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: omadmapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dmcmnutils.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iri.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: umpdc.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dsreg.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msxml3.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: webio.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: schannel.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: winsta.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: bitsproxy.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wldp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: version.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: userenv.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wininet.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: netutils.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: profapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: mdmregistration.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: omadmapi.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dmcmnutils.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iri.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: umpdc.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: dsreg.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: msxml3.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: propsys.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: edputil.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: appresolver.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: slc.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: sppc.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Section loaded: onecoreuapcommonproxystub.dll

Source: C:\Users\user\Desktop\Wave Browser.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Found window with many clickable UI elements (buttons, textforms, scrollbars etc)

Source: C:\Users\user\Desktop\Wave Browser.exe

Window detected: Number of UI elements: 12

Checks if Microsoft Office is installed

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Lync

PE / OLE file has a valid certificate

Source: Wave Browser.exe

Static PE information: certificate valid

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: Wave Browser.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: SWUpdaterComRegisterShell64_unsigned.pdbP source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738588150.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterComRegisterShell64.exe, 00000004.00000000.1741960503.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000004.00000002.1742702646.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000005.00000000.1742955987.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000005.00000002.1743564119.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000006.00000000.1743802096.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000006.00000002.1744612123.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000032.00000002.2489252047.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000032.00000000.2487737954.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000033.00000000.2489781316.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000033.00000002.2494623269.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: psmachine_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739428499.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SWUpdaterCore_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738388621.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738545852.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterCore.exe, 00000012.00000000.1865393070.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000012.00000002.1872419615.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000016.00000000.1946044712.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000016.00000002.1946622318.000000000089D000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: SWUpdaterComRegisterShell64_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738746082.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738588150.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterComRegisterShell64.exe, 00000004.00000000.1741960503.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000004.00000002.1742702646.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000005.00000000.1742955987.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000005.00000002.1743564119.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000006.00000000.1743802096.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000006.00000002.1744612123.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000032.00000002.2489252047.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000032.00000000.2487737954.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000033.00000000.2489781316.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp, SWUpdaterComRegisterShell64.exe, 00000033.00000002.2494623269.00007FF6B3547000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: D:\code\test\Plugins\inetc.pdb source: Wave Browser.exe, 00000000.00000003.1674117356.000000000275D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psuser_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739055852.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, psuser.dll.2.dr
Source:	Binary string: SWUpdater_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000000.1736030007.0000000000641000.00000020.00000001.01000000.0000000F.sdmp, SWUpdater.exe, 00000002.00000003.1737496383.0000000000FC4000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739671737.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000003.00000002.1746039937.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000007.00000000.1745569954.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000008.00000002.1779830130.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000009.00000002.1806143853.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 0000000A.00000002.1755368191.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 0000000C.00000002.1759430979.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 0000000D.00000002.2087500459.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 0000000E.00000002.3098537873.0000000000C31000.00000020.00000001.01000000.00000022.sdmp, SWUpdater.exe, 0000000F.00000000.1778826031.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000010.00000002.2157396726.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000013.00000002.1872396760.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000027.00000002.2482941996.0000000000C31000.00000020.00000001.01000000.00000012.sdmp, SWUpdater.exe, 00000031.00000000.2486646354.0000000000C31000.00000020.00000001.01000000.00000012.sdmp
Source:	Binary string: goopdate_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737926668.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, swupdater.dll.2.dr
Source:	Binary string: goopdate_unsigned.pdbq source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737926668.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, swupdater.dll.2.dr
Source:	Binary string: SWUpdaterBroker_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740392071.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SWUpdaterCore_unsigned.pdbT source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004C5000.00000004.00000010.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738388621.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1738545852.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterCore.exe, 00000012.00000000.1865393070.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000012.00000002.1872419615.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000016.00000000.1946044712.000000000089D000.00000002.00000001.01000000.0000001A.sdmp, SWUpdaterCore.exe, 00000016.00000002.1946622318.000000000089D000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: psmachine_unsigned.pdbI source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739399445.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739428499.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psmachine_unsigned_64.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739466166.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psuser_unsigned.pdbI source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739055852.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, psuser.dll.2.dr
Source:	Binary string: mi_exe_stub.pdb source: SWUpdaterSetup.exe, 00000001.00000000.1732568290.0000000000D87000.00000002.00000001.01000000.0000000E.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110429850.0000000000D87000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: SWUpdaterOnDemand_unsigned.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1740605908.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psuser_unsigned_64.pdbE source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: psmachine_unsigned_64.pdbE source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1739466166.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: swupdaterres_unsigned_en.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000002.3110112651.00000000004BF000.00000004.00000010.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000002.3107996370.0000000000F30000.00000002.00000001.00040000.00000024.sdmp, SWUpdater.exe, 00000002.00000003.1738879717.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000008.00000002.1780255860.0000000001250000.00000002.00000001.00040000.00000019.sdmp, SWUpdater.exe, 0000000A.00000002.1755764745.0000000000C80000.00000002.00000001.00040000.00000019.sdmp, SWUpdater.exe, 0000000E.00000002.3098905569.00000000011F0000.00000002.00000001.00040000.00000023.sdmp, swupdaterres_en.dll.2.dr
Source:	Binary string: psuser_unsigned_64.pdb source: SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe

Code function: 4_2_00007FF6B353397C LoadLibraryW,GetProcAddress,FreeLibrary,

4_2_00007FF6B353397C

PE file contains an invalid checksum

Source: SWUpdaterSetup.exe.1.dr	Static PE information: real checksum: 0xc58bd should be: 0xd217b
Source: SWUpdaterSetup.exe.2.dr	Static PE information: real checksum: 0xc58bd should be: 0xd217b
Source: SWUpdaterSetup.exe.0.dr	Static PE information: real checksum: 0xc58bd should be: 0xd217b

PE file contains sections with non-standard names

Source: SWUpdaterComRegisterShell64.exe.1.dr	Static PE information: section name: _RDATA
Source: psmachine.dll.1.dr	Static PE information: section name: .orpc
Source: psmachine_64.dll.1.dr	Static PE information: section name: .orpc
Source: psmachine_64.dll.1.dr	Static PE information: section name: _RDATA
Source: psuser.dll.1.dr	Static PE information: section name: .orpc
Source: psuser_64.dll.1.dr	Static PE information: section name: .orpc
Source: psuser_64.dll.1.dr	Static PE information: section name: _RDATA
Source: SWUpdaterComRegisterShell64.exe.2.dr	Static PE information: section name: _RDATA
Source: psuser.dll.2.dr	Static PE information: section name: .orpc
Source: psuser_64.dll.2.dr	Static PE information: section name: .orpc
Source: psuser_64.dll.2.dr	Static PE information: section name: _RDATA
Source: psmachine.dll.2.dr	Static PE information: section name: .orpc
Source: psmachine_64.dll.2.dr	Static PE information: section name: .orpc
Source: psmachine_64.dll.2.dr	Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D75624 push ecx; ret	1_2_00D75636
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Code function: 2_2_00647D84 push ecx; ret	2_2_00647D96
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C338C3 push edi; ret	3_2_00C338CA
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C338CC push edi; ret	3_2_00C3392A
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C338E1 push edi; ret	3_2_00C338E2
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C338FC push edi; ret	3_2_00C33902
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C33899 push edi; ret	3_2_00C3389A
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C338B3 push edi; ret	3_2_00C338BA
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C33843 push esi; ret	3_2_00C3384A
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C33879 push edi; ret	3_2_00C3387A
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C33803 push esi; ret	3_2_00C3382A
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C3382B push esi; ret	3_2_00C33832
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C33833 push esi; ret	3_2_00C3383A
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C3383B push esi; ret	3_2_00C33842
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C33947 push edi; ret	3_2_00C3394A
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C33954 push edi; ret	3_2_00C3395A
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C33964 push edi; ret	3_2_00C3396A
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C33977 push edi; ret	3_2_00C3397A
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C33934 push edi; ret	3_2_00C3393A
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C333D0 push eax; ret	3_2_00C333EE
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C333FB push eax; ret	3_2_00C333FE
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C3339D push eax; ret	3_2_00C3339E
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C333B1 push eax; ret	3_2_00C333BE
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C334C0 push edx; ret	3_2_00C334C6
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C334C8 push edx; ret	3_2_00C334CE
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C334D5 push edx; ret	3_2_00C334D6
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C334DC push edx; ret	3_2_00C334DE
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C334E0 push edx; ret	3_2_00C334E6
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C334E8 push edx; ret	3_2_00C334EE
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C33484 push ecx; ret	3_2_00C3349E
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C334A0 push ecx; ret	3_2_00C334AE

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	File created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psmachine.dll	Jump to dropped file
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	File created: C:\Users\user\AppData\Local\Temp\SWUpdater.exe59227b (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	File created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psuser_64.dll	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterSetup.exe	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdater.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	File created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterSetup.exe	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\swupdater.dll	Jump to dropped file
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\Download\{EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}\1.3.16.5\WaveInstaller-v1.3.16.5.exe	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterBroker.exe	Jump to dropped file
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	File created: C:\Users\user\AppData\Local\Temp\swupdater.dll59227b (copy)	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\psmachine_64.dll	Jump to dropped file
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	File created: C:\Users\user\AppData\Local\Temp\swupdaterres_en.dll59227b (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	File created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterBroker.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	File created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\swupdaterres_en.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	File created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\swupdater.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser.exe	File created: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\nsArray.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	File created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\swupdaterres_en.dll	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\psuser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	File created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterCore.exe	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	File created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psmachine_64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser.exe	File created: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser.exe	File created: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\psmachine.dll	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser.exe	File created: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\Install\{DF7E1C1A-4867-4899-A0E8-C8CB671FD3D1}\WaveInstaller-v1.3.16.5.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser.exe	File created: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\nsResize.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	File created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterComRegisterShell64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser.exe	File created: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterOnDemand.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	File created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterOnDemand.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	File created: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psuser.dll	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	File created: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\psuser_64.dll	Jump to dropped file

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B3534434 GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,		4_2_00007FF6B3534434
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_0088548F GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,		18_2_0088548F

Boot Survival

Creates multiple autostart registry keys

Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Wavesor SWUpdater			Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868

Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Wavesor SWUpdater	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Wavesor SWUpdater	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868

Hooking and other Techniques for Hiding and Protection

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe

Code function: 4_2_00007FF6B3536138 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

4_2_00007FF6B3536138

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\Desktop\Wave Browser.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\Wave Browser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain checking for user administrative privileges

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe

Check user administrative privileges: IsUserAndAdmin, DecisionNode

graph_1-10941

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psmachine.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psuser_64.dll	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Dropped PE file which has not been started: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\swupdater.dll	Jump to dropped file
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Dropped PE file which has not been started: C:\Users\user\Wavesor Software\SWUpdater\Download\{EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}\1.3.16.5\WaveInstaller-v1.3.16.5.exe	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Dropped PE file which has not been started: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterBroker.exe	Jump to dropped file
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\swupdater.dll59227b (copy)	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Dropped PE file which has not been started: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\psmachine_64.dll	Jump to dropped file
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\swupdaterres_en.dll59227b (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterBroker.exe	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Dropped PE file which has not been started: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\swupdaterres_en.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\swupdater.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\swupdaterres_en.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\nsArray.dll	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Dropped PE file which has not been started: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\psuser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psmachine_64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Dropped PE file which has not been started: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\psmachine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Dropped PE file which has not been started: C:\Users\user\Wavesor Software\SWUpdater\Install\{DF7E1C1A-4867-4899-A0E8-C8CB671FD3D1}\WaveInstaller-v1.3.16.5.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\nsResize.dll	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Dropped PE file which has not been started: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterOnDemand.exe	Jump to dropped file
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Dropped PE file which has not been started: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\psuser_64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psuser.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterOnDemand.exe	Jump to dropped file

Found evasive API chain (date check)

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

Found evasive API chain checking for process token information

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe TID: 7512	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe TID: 7360	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe TID: 7408	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe TID: 7620	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe TID: 4460	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\Desktop\Wave Browser.exe	Code function: 0_2_0040626D FindFirstFileA,FindClose,	0_2_0040626D
Source: C:\Users\user\Desktop\Wave Browser.exe	Code function: 0_2_00405732 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405732
Source: C:\Users\user\Desktop\Wave Browser.exe	Code function: 0_2_004026FE FindFirstFileA,	0_2_004026FE
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B35404CC FindFirstFileExW,	4_2_00007FF6B35404CC

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe

Code function: 18_2_0089BC91 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,

18_2_0089BC91

Source: SWUpdaterCore.exe, 00000012.00000002.1873017722.0000000000EFD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}yS
Source: SWUpdater.exe, 0000000F.00000003.2499522880.0000000000815000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y4
Source: SWUpdaterCore.exe, 00000012.00000002.1873017722.0000000000EFD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\yq
Source: ie_to_edge_stub.exe, 00000019.00000002.1970342434.0000022F3BC45000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000
Source: SWUpdater.exe, 0000000F.00000003.2501017317.000000000082D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\<P
Source: SWUpdater.exe, 00000010.00000003.1855178131.0000000000887000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000010.00000003.1855491947.0000000000888000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000010.00000002.2156900603.000000000088A000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000010.00000003.1855365325.0000000000887000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWN
Source: WaveInstaller-v1.3.16.5.exe0.14.dr	Binary or memory string: 4tHGfs
Source: Wave Browser.exe, 00000000.00000003.1675108308.0000000000565000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674014008.000000000059D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119234785.000000000055F000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674919621.000000000059D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1674919621.0000000000563000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675803860.0000000000563000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1675803860.000000000059D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676677141.000000000059D000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1676677141.0000000000563000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119234785.000000000059D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SWUpdater.exe, 00000008.00000002.1780415358.00000000013A6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: iexplore.exe, 00000017.00000002.3516401707.000001A0A0472000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW=
Source: SWUpdater.exe, 00000009.00000002.1805756226.0000000000833000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^
Source: SWUpdater.exe, 00000027.00000002.2484009312.00000000013AB000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000027.00000003.2180999883.00000000013A7000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000027.00000003.2181492818.00000000013A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW_d
Source: SWUpdater.exe, 00000002.00000003.3104979844.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\z

Source: C:\Users\user\Desktop\Wave Browser.exe	API call chain: ExitProcess graph end node			graph_0-3672
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	API call chain: ExitProcess graph end node

Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe

Code function: 1_2_00D844A9 IsDebuggerPresent,OutputDebugStringW,

1_2_00D844A9

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe

Code function: 4_2_00007FF6B3534CC4 InitializeCriticalSectionAndSpinCount,GetLastError,IsDebuggerPresent,OutputDebugStringW,

4_2_00007FF6B3534CC4

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe

Code function: 18_2_0089BC91 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C

18_2_0089BC91

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe

Code function: 4_2_00007FF6B353397C LoadLibraryW,GetProcAddress,FreeLibrary,

4_2_00007FF6B353397C

Contains functionality to read the PEB

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D7BDE3 mov eax, dword ptr fs:[00000030h]	1_2_00D7BDE3
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D77A26 mov eax, dword ptr fs:[00000030h]	1_2_00D77A26
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Code function: 2_2_0064C528 mov eax, dword ptr fs:[00000030h]	2_2_0064C528
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Code function: 2_2_0064AE31 mov eax, dword ptr fs:[00000030h]	2_2_0064AE31
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C3C528 mov eax, dword ptr fs:[00000030h]	3_2_00C3C528
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C3AE31 mov eax, dword ptr fs:[00000030h]	3_2_00C3AE31
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_0088D038 mov eax, dword ptr fs:[00000030h]	18_2_0088D038
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_00890578 mov eax, dword ptr fs:[00000030h]	18_2_00890578

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe

Code function: 1_2_00D711D5 GetProcessHeap,__Init_thread_footer,__Init_thread_footer,

1_2_00D711D5

Enables debug privileges

Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D75825 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00D75825
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D7551E SetUnhandledExceptionFilter,	1_2_00D7551E
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D7A602 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00D7A602
Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	Code function: 1_2_00D7538B IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00D7538B
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Code function: 2_2_0064783B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0064783B
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Code function: 2_2_0064A818 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0064A818
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Code function: 2_2_0064795C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0064795C
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Code function: 2_2_00647AF2 SetUnhandledExceptionFilter,	2_2_00647AF2
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C3A818 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00C3A818
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C3783B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00C3783B
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C3795C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00C3795C
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Code function: 3_2_00C37AF2 SetUnhandledExceptionFilter,	3_2_00C37AF2
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B3535B5C SetUnhandledExceptionFilter,	4_2_00007FF6B3535B5C
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B3539E38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FF6B3539E38
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B3535978 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FF6B3535978
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	Code function: 4_2_00007FF6B35355C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FF6B35355C0
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_0088997E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	18_2_0088997E
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_00889A9F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	18_2_00889A9F
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_0088CA1D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	18_2_0088CA1D
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Code function: 18_2_00889C35 SetUnhandledExceptionFilter,	18_2_00889C35

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly

Contains functionality to launch a program with higher privileges

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe

Code function: 18_2_00883EDB SetForegroundWindow,ShellExecuteExW,AllowSetForegroundWindow,GetLastError,GetLastError,DestroyWindow,SetLastError,

18_2_00883EDB

Creates a process in suspended mode (likely to inject code)

Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9Ins1RjRENDdGRS1CNDQ4LTQzNDAtQjY1Qi03QUYyNDVFRTc5MEN9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezVEOUEyNUNELTJDQkQtNDIxMS1CM0MzLTIxMEREQzcxNjk4MH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjEzMy4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTAxNiIvPjwvYXBwPjwvcmVxdWVzdD4	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{5F4D47FE-B448-4340-B65B-7AF245EE790C}"	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /registermsihelper	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswRjU4QTAwRC00MTc1LTREODctQUIwMi1FRTlCMTQ0OTczNjF9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJ1bmluc3RhbGwiIHJlcXVlc3RpZD0ie0IwNEYxMzYzLTQxQTgtNDg2RS1BOTU4LTEzMUZDNTcwRTEwOH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RUIxNDlBRDItQ0U0RS00RjUxLUI3RkMtQTE0OUZBQTRDQ0FGfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSI0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswRjU4QTAwRC00MTc1LTREODctQUIwMi1FRTlCMTQ0OTczNjF9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJ1bmluc3RhbGwiIHJlcXVlc3RpZD0iezMyNzQ0Q0IzLUQ3M0EtNEQ5NC1BMkIyLUM1ODIwNUE0NDJBQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iMS4zLjEzMy4wIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: unknown unknown
Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /c
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=404b2

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "c:\users\user\wavesor software\swupdater\swupdater.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjtv1vwzgf0zxiiihvwzgf0zxj2zxjzaw9upsixljmumtmzljaiihnozwxsx3zlcnnpb249ijeumy4xmzmumcigaxntywnoaw5lpsiwiibzzxnzaw9uawq9ins1rjrenddgrs1cndq4ltqzndatqjy1qi03quyyndvfrtc5men9iib1c2vyawq9intjmwu4mgi5os1hn2m1ltqwy2ytytg4mi0yyzawyjy4ogzkytz9iibpbnn0ywxsc291cmnlpsjvdghlcmluc3rhbgxjbwqiihjlcxvlc3rpzd0iezveoueynuneltjdqkqtndixms1cm0mzltixmereqzcxnjk4mh0iigrlzhvwpsjjciigzg9tywluam9pbmvkpsiwij48ahcgcgh5c21lbw9yet0iocigc3nlpsixiibzc2uypsixiibzc2uzpsixiibzc3nlmz0imsigc3nlnde9ijeiihnzztqypsixiibhdng9ijeilz48b3mgcgxhdgzvcm09indpbiigdmvyc2lvbj0imtaumc4xota0ns4ymda2iibzcd0iiibhcmnopsj4njqilz48yxbwigfwcglkpsj7rjzgnjbbq0utnzfbrc00njewltgwrdqtoti1mzcyouzcnei3fsigdmvyc2lvbj0iiibuzxh0dmvyc2lvbj0ims4zljezmy4wiibsyw5npsjlbiigynjhbmq9iiigy2xpzw50psiipjxldmvudcbldmvudhr5cgu9ijiiigv2zw50cmvzdwx0psixiiblcnjvcmnvzgu9ijaiigv4dhjhy29kzte9ijaiigluc3rhbgxfdgltzv9tcz0imtaxniivpjwvyxbwpjwvcmvxdwvzdd4
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "c:\users\user\wavesor software\swupdater\swupdater.exe" /handoff "bundlename=wavebrowser&appguid={eb149ad2-ce4e-4f51-b7fc-a149faa4ccaf}&appname=wavebrowser&needsadmin=false&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{5f4d47fe-b448-4340-b65b-7af245ee790c}"
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "c:\users\user\wavesor software\swupdater\swupdater.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjtv1vwzgf0zxiiihvwzgf0zxj2zxjzaw9upsixljmumtmzljaiihnozwxsx3zlcnnpb249ijeumy4xmzmumcigaxntywnoaw5lpsiwiibzzxnzaw9uawq9inswrju4qtawrc00mtc1ltreodctquiwmi1frtlcmtq0otcznjf9iib1c2vyawq9intjmwu4mgi5os1hn2m1ltqwy2ytytg4mi0yyzawyjy4ogzkytz9iibpbnn0ywxsc291cmnlpsj1bmluc3rhbgwiihjlcxvlc3rpzd0ie0iwneyxmzyzltqxqtgtndg2rs1botu4ltezmuzdntcwrtewoh0iigrlzhvwpsjjciigzg9tywluam9pbmvkpsiwij48ahcgcgh5c21lbw9yet0iocigc3nlpsixiibzc2uypsixiibzc2uzpsixiibzc3nlmz0imsigc3nlnde9ijeiihnzztqypsixiibhdng9ijeilz48b3mgcgxhdgzvcm09indpbiigdmvyc2lvbj0imtaumc4xota0ns4ymda2iibzcd0iiibhcmnopsj4njqilz48yxbwigfwcglkpsj7ruixndlbrditq0u0rs00rjuxlui3rkmtqte0ouzbqtrdq0fgfsigdmvyc2lvbj0iiibuzxh0dmvyc2lvbj0iiibsyw5npsiiigjyyw5kpsiiignsawvudd0iij48zxzlbnqgzxzlbnr0exblpsi0iibldmvudhjlc3vsdd0imsigzxjyb3jjb2rlpsiwiiblehryywnvzguxpsiwii8-pc9hcha-pc9yzxf1zxn0pg
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "c:\users\user\wavesor software\swupdater\swupdater.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjtv1vwzgf0zxiiihvwzgf0zxj2zxjzaw9upsixljmumtmzljaiihnozwxsx3zlcnnpb249ijeumy4xmzmumcigaxntywnoaw5lpsiwiibzzxnzaw9uawq9inswrju4qtawrc00mtc1ltreodctquiwmi1frtlcmtq0otcznjf9iib1c2vyawq9intjmwu4mgi5os1hn2m1ltqwy2ytytg4mi0yyzawyjy4ogzkytz9iibpbnn0ywxsc291cmnlpsj1bmluc3rhbgwiihjlcxvlc3rpzd0iezmynzq0q0izluq3m0etneq5nc1bmkiylum1odiwnue0ndjbqn0iigrlzhvwpsjjciigzg9tywluam9pbmvkpsiwij48ahcgcgh5c21lbw9yet0iocigc3nlpsixiibzc2uypsixiibzc2uzpsixiibzc3nlmz0imsigc3nlnde9ijeiihnzztqypsixiibhdng9ijeilz48b3mgcgxhdgzvcm09indpbiigdmvyc2lvbj0imtaumc4xota0ns4ymda2iibzcd0iiibhcmnopsj4njqilz48yxbwigfwcglkpsj7rjzgnjbbq0utnzfbrc00njewltgwrdqtoti1mzcyouzcnei3fsigdmvyc2lvbj0ims4zljezmy4wiibuzxh0dmvyc2lvbj0iiibsyw5npsiiigjyyw5kpsjhr0xtiibjbgllbnq9iiigaw5zdgfsbgfnzt0imcigaw5zdgfsbgrhdgu9ii0xij48zxzlbnqgzxzlbnr0exblpsi0iibldmvudhjlc3vsdd0imsigzxjyb3jjb2rlpsiwiiblehryywnvzguxpsiwii8-pc9hcha-pc9yzxf1zxn0pg
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "c:\users\user\wavesor software\swupdater\swupdater.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjtv1vwzgf0zxiiihvwzgf0zxj2zxjzaw9upsixljmumtmzljaiihnozwxsx3zlcnnpb249ijeumy4xmzmumcigaxntywnoaw5lpsiwiibzzxnzaw9uawq9ins1rjrenddgrs1cndq4ltqzndatqjy1qi03quyyndvfrtc5men9iib1c2vyawq9intjmwu4mgi5os1hn2m1ltqwy2ytytg4mi0yyzawyjy4ogzkytz9iibpbnn0ywxsc291cmnlpsjvdghlcmluc3rhbgxjbwqiihjlcxvlc3rpzd0iezveoueynuneltjdqkqtndixms1cm0mzltixmereqzcxnjk4mh0iigrlzhvwpsjjciigzg9tywluam9pbmvkpsiwij48ahcgcgh5c21lbw9yet0iocigc3nlpsixiibzc2uypsixiibzc2uzpsixiibzc3nlmz0imsigc3nlnde9ijeiihnzztqypsixiibhdng9ijeilz48b3mgcgxhdgzvcm09indpbiigdmvyc2lvbj0imtaumc4xota0ns4ymda2iibzcd0iiibhcmnopsj4njqilz48yxbwigfwcglkpsj7rjzgnjbbq0utnzfbrc00njewltgwrdqtoti1mzcyouzcnei3fsigdmvyc2lvbj0iiibuzxh0dmvyc2lvbj0ims4zljezmy4wiibsyw5npsjlbiigynjhbmq9iiigy2xpzw50psiipjxldmvudcbldmvudhr5cgu9ijiiigv2zw50cmvzdwx0psixiiblcnjvcmnvzgu9ijaiigv4dhjhy29kzte9ijaiigluc3rhbgxfdgltzv9tcz0imtaxniivpjwvyxbwpjwvcmvxdwvzdd4	Jump to behavior
Source: C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "c:\users\user\wavesor software\swupdater\swupdater.exe" /handoff "bundlename=wavebrowser&appguid={eb149ad2-ce4e-4f51-b7fc-a149faa4ccaf}&appname=wavebrowser&needsadmin=false&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{5f4d47fe-b448-4340-b65b-7af245ee790c}"	Jump to behavior
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "c:\users\user\wavesor software\swupdater\swupdater.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjtv1vwzgf0zxiiihvwzgf0zxj2zxjzaw9upsixljmumtmzljaiihnozwxsx3zlcnnpb249ijeumy4xmzmumcigaxntywnoaw5lpsiwiibzzxnzaw9uawq9inswrju4qtawrc00mtc1ltreodctquiwmi1frtlcmtq0otcznjf9iib1c2vyawq9intjmwu4mgi5os1hn2m1ltqwy2ytytg4mi0yyzawyjy4ogzkytz9iibpbnn0ywxsc291cmnlpsj1bmluc3rhbgwiihjlcxvlc3rpzd0ie0iwneyxmzyzltqxqtgtndg2rs1botu4ltezmuzdntcwrtewoh0iigrlzhvwpsjjciigzg9tywluam9pbmvkpsiwij48ahcgcgh5c21lbw9yet0iocigc3nlpsixiibzc2uypsixiibzc2uzpsixiibzc3nlmz0imsigc3nlnde9ijeiihnzztqypsixiibhdng9ijeilz48b3mgcgxhdgzvcm09indpbiigdmvyc2lvbj0imtaumc4xota0ns4ymda2iibzcd0iiibhcmnopsj4njqilz48yxbwigfwcglkpsj7ruixndlbrditq0u0rs00rjuxlui3rkmtqte0ouzbqtrdq0fgfsigdmvyc2lvbj0iiibuzxh0dmvyc2lvbj0iiibsyw5npsiiigjyyw5kpsiiignsawvudd0iij48zxzlbnqgzxzlbnr0exblpsi0iibldmvudhjlc3vsdd0imsigzxjyb3jjb2rlpsiwiiblehryywnvzguxpsiwii8-pc9hcha-pc9yzxf1zxn0pg
Source: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe	Process created: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe "c:\users\user\wavesor software\swupdater\swupdater.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjtv1vwzgf0zxiiihvwzgf0zxj2zxjzaw9upsixljmumtmzljaiihnozwxsx3zlcnnpb249ijeumy4xmzmumcigaxntywnoaw5lpsiwiibzzxnzaw9uawq9inswrju4qtawrc00mtc1ltreodctquiwmi1frtlcmtq0otcznjf9iib1c2vyawq9intjmwu4mgi5os1hn2m1ltqwy2ytytg4mi0yyzawyjy4ogzkytz9iibpbnn0ywxsc291cmnlpsj1bmluc3rhbgwiihjlcxvlc3rpzd0iezmynzq0q0izluq3m0etneq5nc1bmkiylum1odiwnue0ndjbqn0iigrlzhvwpsjjciigzg9tywluam9pbmvkpsiwij48ahcgcgh5c21lbw9yet0iocigc3nlpsixiibzc2uypsixiibzc2uzpsixiibzc3nlmz0imsigc3nlnde9ijeiihnzztqypsixiibhdng9ijeilz48b3mgcgxhdgzvcm09indpbiigdmvyc2lvbj0imtaumc4xota0ns4ymda2iibzcd0iiibhcmnopsj4njqilz48yxbwigfwcglkpsj7rjzgnjbbq0utnzfbrc00njewltgwrdqtoti1mzcyouzcnei3fsigdmvyc2lvbj0ims4zljezmy4wiibuzxh0dmvyc2lvbj0iiibsyw5npsiiigjyyw5kpsjhr0xtiibjbgllbnq9iiigaw5zdgfsbgfnzt0imcigaw5zdgfsbgrhdgu9ii0xij48zxzlbnqgzxzlbnr0exblpsi0iibldmvudhjlc3vsdd0imsigzxjyb3jjb2rlpsiwiiblehryywnvzguxpsiwii8-pc9hcha-pc9yzxf1zxn0pg

Source: C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe

Code function: 18_2_00883372 GetSecurityDescriptorDacl,SetSecurityDescriptorDacl,

18_2_00883372

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe

Code function: 1_2_00D75638 cpuid

1_2_00D75638

Source: C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe

Code function: 1_2_00D7527B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

1_2_00D7527B

Source: C:\Users\user\Desktop\Wave Browser.exe

0_2_004031D6

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	13 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Exploitation for Client Execution	1 DLL Search Order Hijacking	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	2 Clipboard Data	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	12 Command and Scripting Interpreter	1 Scheduled Task/Job	1 DLL Search Order Hijacking	21 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	11 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Software Packing	NTDS	16 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	111 Process Injection	1 DLL Side-Loading	LSA Secrets	1 Query Registry	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	1 Scheduled Task/Job	1 DLL Search Order Hijacking	Cached Domain Credentials	31 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	11 Registry Run Keys / Startup Folder	2 Masquerading	DCSync	1 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Virtualization/Sandbox Evasion	Proc Filesystem	1 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	111 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Wave Browser.exe	12%	ReversingLabs
Wave Browser.exe	10%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	3%	ReversingLabs
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterBroker.exe	4%	ReversingLabs
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterComRegisterShell64.exe	4%	ReversingLabs
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterCore.exe	8%	ReversingLabs
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterOnDemand.exe	4%	ReversingLabs
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterSetup.exe	8%	ReversingLabs
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psmachine.dll	3%	ReversingLabs
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psmachine_64.dll	4%	ReversingLabs
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psuser.dll	3%	ReversingLabs
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psuser_64.dll	4%	ReversingLabs
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\swupdater.dll	3%	ReversingLabs
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\swupdaterres_en.dll	4%	ReversingLabs
C:\Users\user\AppData\Local\Temp\SWUpdater.exe59227b (copy)	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe	8%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\inetc.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\nsArray.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\nsDialogs.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\nsResize.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\swupdater.dll59227b (copy)	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\swupdaterres_en.dll59227b (copy)	4%	ReversingLabs
C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdater.exe	3%	ReversingLabs
C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterBroker.exe	4%	ReversingLabs
C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterComRegisterShell64.exe	4%	ReversingLabs
C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe	8%	ReversingLabs
C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterOnDemand.exe	4%	ReversingLabs
C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterSetup.exe	8%	ReversingLabs
C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\psmachine.dll	3%	ReversingLabs
C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\psmachine_64.dll	4%	ReversingLabs
C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\psuser.dll	3%	ReversingLabs
C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\psuser_64.dll	4%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://nsis.sf.net/NSIS_Error	0%	URL Reputation	safe
https://www.msn.com/?ocid=iehp72M	0%	Avira URL Cloud	safe
http://www.dailymail.co.uk/	0%	Avira URL Cloud	safe
http://www.merlin.com.pl/favicon.ico	0%	Avira URL Cloud	safe
http://search.chol.com/favicon.ico	0%	Avira URL Cloud	safe
https://android.notify.windows.com/iOSX	0%	Avira URL Cloud	safe
https://ff.search.yahoo.com/gossip?output=fxjson&command=	0%	Avira URL Cloud	safe
http://search.aol.com/M	0%	Avira URL Cloud	safe
https://api.wavebrowserbase.com/inst/15/status/chr_swupd_finished?id=&v=1.4.16.2&swexcr=07/&	0%	Avira URL Cloud	safe
http://www.merlin.com.pl/favicon.ico	0%	Virustotal		Browse
http://www.dailymail.co.uk/	0%	Virustotal		Browse
https://aefd.nelreports.net/api/report?cat=bingcsp	0%	Avira URL Cloud	safe
https://android.notify.windows.com/iOSX	0%	Virustotal		Browse
http://search.chol.com/favicon.ico	0%	Virustotal		Browse
https://ff.search.yahoo.com/gossip?output=fxjson&command=	0%	Virustotal		Browse
http://fr.search.yahoo.com/	0%	Avira URL Cloud	safe
http://video.globo.com/favicon.icog	0%	Avira URL Cloud	safe
https://aefd.nelreports.net/api/report?cat=bingcsp	0%	Virustotal		Browse
http://www.etmall.com.tw/favicon.icoY	0%	Avira URL Cloud	safe
http://fr.search.yahoo.com/	0%	Virustotal		Browse
http://in.search.yahoo.com/	0%	Avira URL Cloud	safe
https://clients2.swupdater.com/tN	0%	Avira URL Cloud	safe
http://www.alarabiya.net/a	0%	Avira URL Cloud	safe
http://www.etmall.com.tw/favicon.icoY	0%	Virustotal		Browse
https://clients2.swupdater.com/service/check2?Z	0%	Avira URL Cloud	safe
http://img.shopzilla.com/shopzilla/shopzilla.ico	0%	Avira URL Cloud	safe
http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation=ItemSea	0%	Avira URL Cloud	safe
http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=AS5	0%	Avira URL Cloud	safe
http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=AS6	0%	Avira URL Cloud	safe
http://busca.uol.com.br/H	0%	Avira URL Cloud	safe
http://img.shopzilla.com/shopzilla/shopzilla.ico	0%	Virustotal		Browse
http://recherche.tf1.fr/0	0%	Avira URL Cloud	safe
http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation=ItemSea	0%	Virustotal		Browse
http://msk.afisha.ru/	0%	Avira URL Cloud	safe
http://in.search.yahoo.com/	0%	Virustotal		Browse
http://www.orange.fr/r	0%	Avira URL Cloud	safe
http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=AS6	0%	Virustotal		Browse
https://wns.windows.com/	0%	Avira URL Cloud	safe
http://recherche.tf1.fr/0	0%	Virustotal		Browse
http://www.reddit.com/	0%	Avira URL Cloud	safe
https://www.msn.com/?ocid=iehpB2E3A	0%	Avira URL Cloud	safe
http://www.merlin.com.pl/8	0%	Avira URL Cloud	safe
http://www.ya.com/favicon.ico	0%	Avira URL Cloud	safe
https://www.msn.com/?ocid=iehpB2E3A	0%	Virustotal		Browse
http://www.orange.fr/r	0%	Virustotal		Browse
http://search.ebay.com/favicon.icoJ	0%	Avira URL Cloud	safe
http://www.ya.com/favicon.ico	0%	Virustotal		Browse
http://www.merlin.com.pl/8	0%	Virustotal		Browse
http://msk.afisha.ru/	0%	Virustotal		Browse
http://www.reddit.com/	0%	Virustotal		Browse
http://www.etmall.com.tw/favicon.ico	0%	Avira URL Cloud	safe
http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=AS5	0%	Virustotal		Browse
http://www.mtv.com/j?L	0%	Avira URL Cloud	safe
http://it.search.dada.net/favicon.ico	0%	Avira URL Cloud	safe
http://price.ru/favicon.icoY	0%	Avira URL Cloud	safe
http://www.etmall.com.tw/favicon.ico	0%	Virustotal		Browse
http://search.hanafos.com/favicon.ico	0%	Avira URL Cloud	safe
http://cgi.search.biglobe.ne.jp/favicon.ico	0%	Avira URL Cloud	safe
https://wns.windows.com/	0%	Virustotal		Browse
http://search.ebay.com/favicon.icoJ	0%	Virustotal		Browse
http://search.msn.co.jp/results.aspx?q=	0%	Avira URL Cloud	safe
http://it.search.dada.net/favicon.ico	0%	Virustotal		Browse
http://buscar.ozu.es/	0%	Avira URL Cloud	safe
http://price.ru/favicon.icoY	0%	Virustotal		Browse
http://www.ask.com/	0%	Avira URL Cloud	safe
http://cgi.search.biglobe.ne.jp/favicon.ico	0%	Virustotal		Browse
http://search.live.com/results.aspx?FORM=SOLTDF&q=	0%	Avira URL Cloud	safe
http://search.msn.co.jp/results.aspx?q=	0%	Virustotal		Browse
http://www.google.it/	0%	Avira URL Cloud	safe
http://search.auction.co.kr/	0%	Avira URL Cloud	safe
http://www.ask.com/	0%	Virustotal		Browse
http://search.yahoo.com/favicon.icot	0%	Avira URL Cloud	safe
http://search.live.com/results.aspx?FORM=SOLTDF&q=	0%	Virustotal		Browse
http://search.cn.yahoo.com/t	0%	Avira URL Cloud	safe
http://www.amazon.de/	0%	Avira URL Cloud	safe
http://www.google.it/	0%	Virustotal		Browse
https://swupdater.com/service/update24N	0%	Avira URL Cloud	safe
http://sads.myspace.com/	0%	Avira URL Cloud	safe
http://search.interpark.com/t	0%	Avira URL Cloud	safe
http://suche.freenet.de/favicon.icoC	0%	Avira URL Cloud	safe
http://search.ebay.com/favicon.icot	0%	Avira URL Cloud	safe
http://search.hanafos.com/favicon.ico	0%	Virustotal		Browse
http://www.pchome.com.tw/favicon.ico	0%	Avira URL Cloud	safe
http://list.taobao.com/browse/search_visual.htm?n=15&q=	0%	Avira URL Cloud	safe
http://google.pchome.com.tw/	0%	Avira URL Cloud	safe
http://list.taobao.com/browse/search_visual.htm?n=15&q=	0%	Avira URL Cloud	safe
http://www.rambler.ru/favicon.ico	0%	Avira URL Cloud	safe
http://uk.search.yahoo.com/	0%	Avira URL Cloud	safe
https://www.msn.com/favicon.ico:Sat:Saturday	0%	Avira URL Cloud	safe
https://wavebrowser.co/termshttps://wavebrowser.co/privacyhttps://wavebrowser.co/changelog	0%	Avira URL Cloud	safe
https://swupdater.com:443	0%	Avira URL Cloud	safe
http://www.ozu.es/favicon.ico	0%	Avira URL Cloud	safe
http://search.sify.com/	0%	Avira URL Cloud	safe
http://openimage.interpark.com/interpark.ico	0%	Avira URL Cloud	safe
http://search.yahoo.co.jp/favicon.ico	0%	Avira URL Cloud	safe
http://www.gmarket.co.kr/	0%	Avira URL Cloud	safe
http://search.nifty.com/	0%	Avira URL Cloud	safe
http://www.google.si/	0%	Avira URL Cloud	safe
http://www.ya.com/favicon.icoy	0%	Avira URL Cloud	safe
http://www.soso.com/	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://search.chol.com/favicon.ico	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.merlin.com.pl/favicon.ico	iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://android.notify.windows.com/iOSX	iexplore.exe, 00000017.00000002.3520085326.000001A0A3391000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.dailymail.co.uk/	iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.msn.com/?ocid=iehp72M	iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ff.search.yahoo.com/gossip?output=fxjson&command=	SWUpdater.exe, 0000000E.00000003.2790429232.0000000004340000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://search.aol.com/M	iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.wavebrowserbase.com/inst/15/status/chr_swupd_finished?id=&v=1.4.16.2&swexcr=07/&	Wave Browser.exe, 00000000.00000002.3120881782.000000000470C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aefd.nelreports.net/api/report?cat=bingcsp	iexplore.exe, 00000017.00000003.2014518017.000001A0A332C000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://fr.search.yahoo.com/	iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://video.globo.com/favicon.icog	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.etmall.com.tw/favicon.icoY	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://in.search.yahoo.com/	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://clients2.swupdater.com/tN	SWUpdater.exe, 00000009.00000002.1805756226.000000000086E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.alarabiya.net/a	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://clients2.swupdater.com/service/check2?Z	SWUpdater.exe, 00000009.00000002.1805756226.0000000000854000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://img.shopzilla.com/shopzilla/shopzilla.ico	iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015469461.000001A0A3156000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation=ItemSea	iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015469461.000001A0A3156000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=AS5	iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://search.msn.co.jp/results.aspx?q=%7BsearchTerms%7D&FORM=AS6	iexplore.exe, 00000017.00000002.3517451438.000001A0A2C74000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://busca.uol.com.br/H	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://recherche.tf1.fr/0	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://msk.afisha.ru/	iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.orange.fr/r	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://wns.windows.com/	iexplore.exe, 00000017.00000002.3520085326.000001A0A33DB000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.reddit.com/	iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.msn.com/?ocid=iehpB2E3A	iexplore.exe, 00000017.00000002.3517451438.000001A0A2C67000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.merlin.com.pl/8	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.ya.com/favicon.ico	iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://search.ebay.com/favicon.icoJ	iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.etmall.com.tw/favicon.ico	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://it.search.dada.net/favicon.ico	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.mtv.com/j?L	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://price.ru/favicon.icoY	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://search.hanafos.com/favicon.ico	iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://cgi.search.biglobe.ne.jp/favicon.ico	iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://search.msn.co.jp/results.aspx?q=	iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3516401707.000001A0A0472000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3164000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://buscar.ozu.es/	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ask.com/	iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://search.live.com/results.aspx?FORM=SOLTDF&q=	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.google.it/	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://search.auction.co.kr/	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.yahoo.com/favicon.icot	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.cn.yahoo.com/t	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.amazon.de/	iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://swupdater.com/service/update24N	SWUpdater.exe, 00000008.00000002.1780415358.000000000134E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://nsis.sf.net/NSIS_Error	Wave Browser.exe, Wave Browser.exe, 00000000.00000002.3118799216.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Wave Browser.exe, 00000000.00000000.1662723487.0000000000409000.00000008.00000001.01000000.00000003.sdmp, WaveInstaller-v1.3.16.5.exe0.14.dr	false	URL Reputation: safe	unknown
http://sads.myspace.com/	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.interpark.com/t	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://suche.freenet.de/favicon.icoC	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.ebay.com/favicon.icot	iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://list.taobao.com/browse/search_visual.htm?n=15&q=	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.pchome.com.tw/favicon.ico	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://google.pchome.com.tw/	iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://list.taobao.com/browse/search_visual.htm?n=15&q=	iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.rambler.ru/favicon.ico	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://uk.search.yahoo.com/	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/favicon.ico:Sat:Saturday	iexplore.exe, 00000017.00000002.3522815682.000001A0A6911000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3522815682.000001A0A6A69000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wavebrowser.co/termshttps://wavebrowser.co/privacyhttps://wavebrowser.co/changelog	Wave Browser.exe, 00000000.00000002.3119234785.0000000000518000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.1663580891.0000000002755000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://swupdater.com:443	SWUpdater.exe, 0000000E.00000002.3099166175.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ozu.es/favicon.ico	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.sify.com/	iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://openimage.interpark.com/interpark.ico	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.yahoo.co.jp/favicon.ico	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.gmarket.co.kr/	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3166000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.nifty.com/	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.google.si/	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ya.com/favicon.icoy	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.soso.com/	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://espn.go.com/favicon.icoE	iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://asp.usatoday.com/favicon.ico&	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://busca.orange.es/	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://cnweb.search.live.com/results.aspx?q=	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015574156.000001A0A3175000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3176000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.twitter.com/	iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.target.com/	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.cnet.co.uk/c	iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.myspace.com/favicon.ico&	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.mercadolivre.com.br/p	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.univision.com/N	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519669652.000001A0A315E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015603284.000001A0A315D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://swupdater.com/cr/reportWavesor	SWUpdaterSetup.exe, 00000001.00000003.1734132508.00000000027C1000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1733593107.00000000027CB000.00000004.00000020.00020000.00000000.sdmp, SWUpdaterSetup.exe, 00000001.00000003.1734319236.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, SWUpdater.exe, 00000002.00000003.1737926668.0000000000FFE000.00000004.00000020.00020000.00000000.sdmp, swupdater.dll.2.dr	false	Avira URL Cloud: safe	unknown
http://search.orange.co.uk/favicon.ico	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.iask.com/	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.wavebrowserbase.com/inst/15/status/chr_swupd_finished?id=&v=1.4.16.2&swexcr=0.tmp	Wave Browser.exe, 00000000.00000003.3117920074.00000000005AC000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000002.3119600983.00000000005B7000.00000004.00000020.00020000.00000000.sdmp, Wave Browser.exe, 00000000.00000003.3118311906.00000000005B6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.centrum.cz/favicon.ico	iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.news.com.au/favicon.ico	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiscali.it/favicon.ico	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://it.search.yahoo.com/	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3182000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ceneo.pl/favicon.ico	iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519733691.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.univision.com/favicon.icoG	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.daum.net/favicon.ico	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.kkbox.com.tw/	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.goo.ne.jp/favicon.ico	iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3517451438.000001A0A2C5E000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.msn.com/results.aspx?q=	iexplore.exe, 00000017.00000002.3517451438.000001A0A2BBC000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3516401707.000001A0A04E1000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3164000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://list.taobao.com/	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.nytimes.com/	iexplore.exe, 00000017.00000002.3520085326.000001A0A3458000.00000004.00000020.00020000.00000000.sdmp, msapplication.xml4.23.dr	false	Avira URL Cloud: safe	unknown
http://www.taobao.com/favicon.ico	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.etmall.com.tw/	iexplore.exe, 00000017.00000003.2015000152.000001A0A316C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015666914.000001A0A3184000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519813175.000001A0A3187000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015631814.000001A0A317D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015169298.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ie.search.yahoo.com/os?command=	iexplore.exe, 00000017.00000003.2015533646.000001A0A3178000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015403827.000001A0A3173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.cnet.com/favicon.ico	iexplore.exe, 00000017.00000003.2015372752.000001A0A314F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519445178.000001A0A3150000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.linternaute.com/favicon.ico	iexplore.exe, 00000017.00000003.2015469461.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015243126.000001A0A315A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000003.2015126048.000001A0A3157000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000017.00000002.3519590513.000001A0A315B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
2.23.209.149	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
13.107.246.42	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.210.144.17	unknown	United States	14618	AMAZON-AESUS	false
2.23.209.32	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
151.101.129.108	unknown	United States	54113	FASTLYUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
20.189.173.2	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.40.202	unknown	United States	15169	GOOGLEUS	false
52.182.143.215	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.15.178.186	unknown	United States	20940	AKAMAI-ASN1EU	false
88.221.110.195	unknown	European Union	20940	AKAMAI-ASN1EU	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
2.23.209.182	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
13.74.129.1	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.194.137	unknown	United States	54113	FASTLYUS	false
216.58.212.174	unknown	United States	15169	GOOGLEUS	false
2.19.96.66	unknown	European Union	20940	AKAMAI-ASN1EU	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
104.208.16.95	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.89.179.10	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
13.107.21.237	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.21.239	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.16.129	unknown	United States	15169	GOOGLEUS	false
2.16.164.32	unknown	European Union	20940	AKAMAI-ASN1EU	false
2.16.164.97	unknown	European Union	20940	AKAMAI-ASN1EU	false
52.205.35.208	unknown	United States	14618	AMAZON-AESUS	false
13.107.42.16	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.23.209.29	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
18.244.18.38	unknown	United States	16509	AMAZON-02US	false
184.28.89.167	unknown	United States	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.126.37.144	unknown	United States	20940	AKAMAI-ASN1EU	false
104.126.37.147	unknown	United States	20940	AKAMAI-ASN1EU	false
204.79.197.203	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1468666
Start date and time:	2024-07-07 10:53:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	53
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Wave Browser.exe
Detection:	MAL
Classification:	mal45.evad.winEXE@121/503@0/35
EGA Information:	Successful, ratio: 85.7%
HCA Information:	Successful, ratio: 97% Number of executed functions: 113 Number of non-executed functions: 185
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Execution Graph export aborted for target SWUpdater.exe, PID 7344 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetValueKey calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Skipping network analysis since amount of network traffic is too extensive

Simulations

Behavior and APIs

Time	Type	Description
09:54:06	Task Scheduler	Run new task: WavesorSWUpdaterTaskUserS-1-5-21-2246122658-3693405117-2476756634-1002Core path: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe s>/c
09:54:06	Task Scheduler	Run new task: WavesorSWUpdaterTaskUserS-1-5-21-2246122658-3693405117-2476756634-1002UA path: C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe s>/ua /installsource scheduler
09:54:09	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Wavesor SWUpdater "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe"
09:54:18	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Wavesor SWUpdater "C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe"
09:54:36	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
09:54:44	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
09:55:48	Task Scheduler	Run new task: WaveBrowser-StartAtLogin path: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe s>--strtl=wts
09:55:53	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WaveBrowser_AD560CB9A7D27BAF872A589CCA5356D4 "C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe" --strtl=aut
09:56:01	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run WaveBrowser_AD560CB9A7D27BAF872A589CCA5356D4 "C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe" --strtl=aut

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
2.23.209.149	invoice 700898 for wallcentre.com.shtml	Get hash	malicious	Unknown	Browse
	http://css.cdntoswitchspirit.com	Get hash	malicious	Unknown	Browse
	socar.exe	Get hash	malicious	Unknown	Browse
	https://ipfs.io/ipfs/QmWKhkdexSueCwD6DsMpF9DYvwiW7bsBRRc6mCZnsMFGVE/?submit=integrationsrat@stadt.nuernberg.de	Get hash	malicious	Unknown	Browse
	https://www.bing.com/ck/a?!&&p=f8a2d5c859978b76JmltdHM9MTY4NDI4MTYwMCZpZ3VpZD0yZGZmZTZiYS04YjY0LTY0NWItMzViMy1mNWFlOGE3NjY1NDImaW5zaWQ9NTEzNw&ptn=3&hsh=3&fclid=2dffe6ba-8b64-645b-35b3-f5ae8a766542&u=a1aHR0cDovL2JsdWVmaWVsZGludmVzdG1lbnQub3JnLw	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_e058c05eaa614f5e86e702a65f146893d8235c0e.zip	Get hash	malicious	NetSupport RAT	Browse
	https://lylrefrigeracion.com.pe/eod/eumest.php?mveina=9&c=E,1,dp9NEob1tkw1QlmkYDvrpdXiwpOZWzmXtsOSdXKGKBo6nVnI3CB1fphmKUxpZStAO9kKHVcgoRgNcB9cg-uZTI3IM6ecbHi9BxSH_dXeAQBC66bFMFp4kBht&typo=1&ancr_add=1	Get hash	malicious	Unknown	Browse
13.107.246.42	file.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse
	https://41619ec8e8407cbea965833e1fb35e027cd895bdef33c8d4bb7a06d460.pages.dev/	Get hash	malicious	HTMLPhisher	Browse
	https://f4dfc3a6ab223a609ab2682120fd9f431b51dcff8df1312719112d196d.pages.dev/	Get hash	malicious	HTMLPhisher	Browse
	Cherokeebrick-salary increase.pdf	Get hash	malicious	HTMLPhisher	Browse
	Invoice - 74950723898713999323684865104322985373179531936365 - Kforce.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://chorbie.com/services/	Get hash	malicious	Unknown	Browse
	https://iriss.online/i/ontransfer_pathways/login?p=login	Get hash	malicious	Unknown	Browse
	https://url.uk.m.mimecastprotect.com/s/rO3rCG6qJSA66X7FKCV6f?domain=nam.dcv.ms	Get hash	malicious	HTMLPhisher	Browse
	http://sites.google.com/view/terramininghseq/inductions/binduli-and-goldfields-induction	Get hash	malicious	Unknown	Browse
	https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.cognitoforms.com%2fPaulWareConstruction%2fPaulWareConstruction&umid=78a9b273-344a-4f1a-b7d2-24e7c118b2df&auth=3a5566c60b1f4d8525fa8ab109f94675a663eb25-b5b8ec923cecbd7e3e5907f0ebdd261fbc9f6201	Get hash	malicious	HTMLPhisher	Browse
2.23.209.32	https://messengeravl-my.sharepoint.com/:b:/p/joe/EUaalaFNBFVFgzqdWjgwP10BDkdHrky0cuqdP-RpLXIPLQ?e=jfHJMy	Get hash	malicious	HTMLPhisher	Browse
	https://jornalangolense.com/	Get hash	malicious	HTMLPhisher	Browse
	https://login.gatx-portal.com/JGVLrPVA?client_id=shXtw698iH	Get hash	malicious	HTMLPhisher	Browse
151.101.129.108	Wave Browser.exe	Get hash	malicious	Unknown	Browse
	https://dofaceb00kl0gin.angelfire.com/index.htm/	Get hash	malicious	Unknown	Browse
	9d565bee-e6ce-1842-e729-b0df8f08ed34.eml	Get hash	malicious	HTMLPhisher	Browse
	https://www.msn.com/en-us/autos/enthusiasts/what-s-the-difference-between-a-shelby-mustang-and-a-regular-mustang/ar-AA1ntM5Z?ocid=entnewsntp&pc=U531&cvid=8b8aa9e3e14d4164a6a2181020104694&ei=36	Get hash	malicious	Unknown	Browse
	http://woollamau.com	Get hash	malicious	Unknown	Browse
	https://digitalmissioners.com	Get hash	malicious	Unknown	Browse
	[EXTERNAL]0001174512' 'Customer Balance Confirmation.eml	Get hash	malicious	Unknown	Browse
	FW EXTERNALRequest For ACH Completion Form February 05 2024.msg	Get hash	malicious	Unknown	Browse
	https://www.notion.so/Roofers-Mart-261c63250b4847e890515b9d060c1c63?pvs=4	Get hash	malicious	Unknown	Browse
	https://usp.usspcd.top	Get hash	malicious	Unknown	Browse
152.195.19.97	http://ustteam.com/	Get hash	malicious	Unknown	Browse	www.ust.com/

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CWVodafoneGroupPLCEU	https://fastupload.io/1824d409732f30be	Get hash	malicious	Unknown	Browse	2.23.197.190
	https://fastupload.io/1824d409732f30be	Get hash	malicious	Unknown	Browse	2.23.197.190
	https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLr	Get hash	malicious	HTMLPhisher	Browse	2.23.209.37
	https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLr	Get hash	malicious	HTMLPhisher	Browse	2.23.209.42
	205.185.124.50-mips-2024-07-03T23_47_54.elf	Get hash	malicious	Mirai, Moobot	Browse	195.59.60.235
	ztGOiA742S.elf	Get hash	malicious	Unknown	Browse	217.135.37.116
	jxnRJIvUKz.elf	Get hash	malicious	Mirai	Browse	194.221.96.177
	https://vogelgormanplc-my.sharepoint.com/:o:/g/personal/mcook_vgllaw_com/EoWNEiRfVRJGgG47q5PYhKIBkV4CjNWUYZjZU9msILDe-Q?e=5%3akZcnSr&at=9&xsdata=MDV8MDJ8bWljaGFlbC5tY2d1aXJlQHhjZWxlbmVyZ3kuY29tfDMwN2U0MjVlMmE1MTQwYjJkYjg1MDhkYzliOTRmMTNhfDI0YjJhNTgzNWMwNTRiNmFiNGU5NGUxMmRjMDAyNWFkfDB8MHw2Mzg1NTYzMTEyNDIyMTkzODh8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDB8fHw%3d&sdata=dWtMc0lWaVl3YitOcHQ2VURyZ0hXdUMxNk9mMFJEY3JRc3Rob3U2emVDYz0%3d	Get hash	malicious	HTMLPhisher	Browse	2.23.209.42
	https://vogelgormanplc-my.sharepoint.com/:o:/g/personal/mcook_vgllaw_com/EoWNEiRfVRJGgG47q5PYhKIBkV4CjNWUYZjZU9msILDe-Q?e=5%3akZcnSr&at=9&xsdata=MDV8MDJ8bWljaGFlbC5tY2d1aXJlQHhjZWxlbmVyZ3kuY29tfDMwN2U0MjVlMmE1MTQwYjJkYjg1MDhkYzliOTRmMTNhfDI0YjJhNTgzNWMwNTRiNmFiNGU5NGUxMmRjMDAyNWFkfDB8MHw2Mzg1NTYzMTEyNDIyMTkzODh8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDB8fHw%3d&sdata=dWtMc0lWaVl3YitOcHQ2VURyZ0hXdUMxNk9mMFJEY3JRc3Rob3U2emVDYz0%3d	Get hash	malicious	HTMLPhisher	Browse	2.23.209.24
AMAZON-AESUS	goPhzZ.exe	Get hash	malicious	RemCom RemoteAdmin, Mimikatz, DUMPNTLM, Metasploit	Browse	18.208.156.248
	https://www.metauka.com/buscar.php?q=8xdlpb%22%3E%3C%69%6D%67%20%73%72%63%3D%22%69%6D%61%67%65%2E%6A%70%67%22%20%6F%6E%65%72%72%6F%72%3D%22%76%61%72%20%75%72%6C%31%20%3D%20%5B%27%68%74%74%70%3A%2F%2F%67%27%2C%27%6F%6F%67%27%2C%27%6C%65%2E%63%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%20%76%61%72%20%75%72%6C%32%20%3D%20%5B%27%68%74%74%70%3A%2F%2F%67%27%2C%27%6F%6F%67%27%2C%27%6C%65%2E%63%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%76%61%72%20%75%72%6C%20%3D%20%5B%27%68%27%2C%27%74%74%27%2C%27%70%27%2C%27%73%3A%2F%27%2C%27%2F%77%27%2C%27%77%77%2E%77%27%2C%27%65%62%27%2C%27%77%61%74%63%27%2C%27%68%65%72%27%2C%27%6F%6E%27%2C%27%6C%27%2C%27%69%6E%27%2C%27%65%2E%78%27%2C%27%79%7A%27%2C%27%2F%32%27%2C%27%35%27%2C%27%50%42%27%2C%27%4E%5A%27%2C%27%39%27%2C%27%39%2F%37%27%2C%27%43%35%27%2C%27%58%33%27%2C%27%53%57%27%2C%27%34%2F%3F%73%75%62%31%3D16%26%73%75%62%32%3D309%2D14441%26%73%75%62%33%3D1271%2D102518%2D22496%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%20%75%72%6C%20%3D%20%75%72%6C%2E%72%65%70%6C%61%63%65%28%2F%2C%2F%67%2C%20%27%27%29%3B%20%76%61%72%20%77%69%6E%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%75%72%6C%2C%20%27%5F%73%65%6C%66%27%29%3B%20%77%69%6E%2E%6F%70%65%6E%65%72%20%3D%20%6E%75%6C%6C%3B%20%77%69%6E%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%75%72%6C%29%3B%22%3E#h6fmSBGiZh8X20Zr6k7p	Get hash	malicious	Unknown	Browse	52.205.223.226
	http://sectocarewl.online/mona-michelle/	Get hash	malicious	Unknown	Browse	52.44.76.179
	https://anp.ab9.mywebsitetransfer.com/edd	Get hash	malicious	Unknown	Browse	54.243.157.39
	https://eaglecomputersystems.com/	Get hash	malicious	Unknown	Browse	52.23.44.153
	https://prometals.co.za/	Get hash	malicious	Unknown	Browse	34.204.146.159
	https://help-app-metamaskii.gitbook.io/us	Get hash	malicious	Unknown	Browse	3.223.122.65
	https://heatpt.com/	Get hash	malicious	Unknown	Browse	35.169.243.125
	https://my-site-103570-106139.weeblysite.com/	Get hash	malicious	Unknown	Browse	50.19.89.137
CWVodafoneGroupPLCEU	https://fastupload.io/1824d409732f30be	Get hash	malicious	Unknown	Browse	2.23.197.190
	https://fastupload.io/1824d409732f30be	Get hash	malicious	Unknown	Browse	2.23.197.190
	https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLr	Get hash	malicious	HTMLPhisher	Browse	2.23.209.37
	https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLr	Get hash	malicious	HTMLPhisher	Browse	2.23.209.42
	205.185.124.50-mips-2024-07-03T23_47_54.elf	Get hash	malicious	Mirai, Moobot	Browse	195.59.60.235
	ztGOiA742S.elf	Get hash	malicious	Unknown	Browse	217.135.37.116
	jxnRJIvUKz.elf	Get hash	malicious	Mirai	Browse	194.221.96.177
	https://vogelgormanplc-my.sharepoint.com/:o:/g/personal/mcook_vgllaw_com/EoWNEiRfVRJGgG47q5PYhKIBkV4CjNWUYZjZU9msILDe-Q?e=5%3akZcnSr&at=9&xsdata=MDV8MDJ8bWljaGFlbC5tY2d1aXJlQHhjZWxlbmVyZ3kuY29tfDMwN2U0MjVlMmE1MTQwYjJkYjg1MDhkYzliOTRmMTNhfDI0YjJhNTgzNWMwNTRiNmFiNGU5NGUxMmRjMDAyNWFkfDB8MHw2Mzg1NTYzMTEyNDIyMTkzODh8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDB8fHw%3d&sdata=dWtMc0lWaVl3YitOcHQ2VURyZ0hXdUMxNk9mMFJEY3JRc3Rob3U2emVDYz0%3d	Get hash	malicious	HTMLPhisher	Browse	2.23.209.42
	https://vogelgormanplc-my.sharepoint.com/:o:/g/personal/mcook_vgllaw_com/EoWNEiRfVRJGgG47q5PYhKIBkV4CjNWUYZjZU9msILDe-Q?e=5%3akZcnSr&at=9&xsdata=MDV8MDJ8bWljaGFlbC5tY2d1aXJlQHhjZWxlbmVyZ3kuY29tfDMwN2U0MjVlMmE1MTQwYjJkYjg1MDhkYzliOTRmMTNhfDI0YjJhNTgzNWMwNTRiNmFiNGU5NGUxMmRjMDAyNWFkfDB8MHw2Mzg1NTYzMTEyNDIyMTkzODh8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDB8fHw%3d&sdata=dWtMc0lWaVl3YitOcHQ2VURyZ0hXdUMxNk9mMFJEY3JRc3Rob3U2emVDYz0%3d	Get hash	malicious	HTMLPhisher	Browse	2.23.209.24
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	94.245.104.56
	UlVCqlQ0lF.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	13.107.21.200
	arm7-20240707-0306.elf	Get hash	malicious	Mirai	Browse	23.100.229.141
	arm5-20240707-0306.elf	Get hash	malicious	Mirai	Browse	20.98.156.81
	file.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	13.107.21.200
	https://anp.ab9.mywebsitetransfer.com/edd	Get hash	malicious	Unknown	Browse	20.8.91.96
	https://41619ec8e8407cbea965833e1fb35e027cd895bdef33c8d4bb7a06d460.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://f4dfc3a6ab223a609ab2682120fd9f431b51dcff8df1312719112d196d.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://islandhouse-470927714.phsafarilodge.co.zm/	Get hash	malicious	Unknown	Browse	13.107.246.60
FASTLYUS	Fax-ScannerDaiichi-sankyo.htm	Get hash	malicious	HTMLPhisher	Browse	104.244.43.131
	http://sectocarewl.online/mona-michelle/	Get hash	malicious	Unknown	Browse	199.232.196.193
	http://ipfs.io/ipfs/bafkreig67laqctkbcpqgnju77gx73en5q3sbc3lxzw7kpoxxfdodcctjaa	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	http://dev-005454452441.pantheonsite.io/	Get hash	malicious	Unknown	Browse	23.185.0.1
	https://18b03de5-136a-42be-b26e-3fcb7fc3a767-00-39mzoh574apng.spock.replit.dev/english.html	Get hash	malicious	Unknown	Browse	151.101.2.137
	https://kainat-zia.github.io/Netflix	Get hash	malicious	Unknown	Browse	185.199.110.153
	https://itssachindey.github.io/Video-53-Project-1-	Get hash	malicious	Unknown	Browse	185.199.108.153
	https://ralphs-sublime-site-7b219a.webflow.io/	Get hash	malicious	Unknown	Browse	151.101.2.188
	http://best-practice-and-impact.github.io/govcookiecutter/	Get hash	malicious	Unknown	Browse	185.199.108.153

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe	http://wavebrowser.co	Get hash	malicious	Unknown	Browse
	Wave Browser.exe	Get hash	malicious	Unknown	Browse
	https://www.googleadservices.com/pagead/aclk?sa=L&ai=CEPSIY7k7Zpu1AY3rkPIP8q21mAvP_pi8d4PY85XiEsq6jPG-ARABIPT5xiVgyeaGi7ykoBqgAcCz_YIDyAEC4AIAqAMByAMIqgSdAk_QZfhjp8EKKRw8Ud-sac3T3jbhfjxjJ1sRhgU3SOjAuI5huqeTvemsIazylmO5A9WU45_edGutcUqL46MvuNtxU89a64S7xhljcSlyUs-dysnWLJ2j0jUpH_gKnco9owTuaX1dg-lH7IYSpQI3MKj-Dr00v1SC_8ZhuzoINVR1E2pcblzJpyD5_udwujRkOY3Fao0Lt8Mai9Sq-EbJfdXMijbwOeNV94FwcwlSMZ7he13IkHy_a1HexFAPvo5qqjQXKG7VuYCajYpF3q5URq0loIuDY5WXWNc5RPV77yzvPDM2ytOukuK76vBmfoFdcFIyWUc5xZIVsm9dr8SzjJNE1z63RwDOkXHpq4VxrPcl1gRfUlqaUGyYeMbOoMAEp9WvltcE4AQBiAWQgcDhTpAGAaAGAoAHqMyCfYgHAZAHAqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB_jCsQKoB_vCsQLYBwHSCCcIABACGB0yAQA6Dp_QgICAgASAwICAgKAoSL39wTpYjsuajM3-hQOxCUbAF_v0mAHVgAoDmAsByAsBqg0CVVPIDQHiDRMIlf2ajM3-hQMVjTVECB3yVg2z2BMM0BUB-BYBgBcBshgJEgLeaBgCIgEA6BgB&ae=1&gclid=Cj0KCQjwxeyxBhC7ARIsAC7dS38YLg3rX_OKomm_dfFxFHKQ-xaABBJ-7gCz8VhxHk9qVjyKpQQOlOIaAvqNEALw_wcB&num=1&cid=CAQSQwB7FLtqgUEuOym-5Tn68arUiPJ1jdwPgw46Y6zUHfAkI3hTIEhGQzVeYafsm9LBj6pxutwTRiLFJPhCq9OvYdD7CqQYAQ&sig=AOD64_2G4fRbd2sH1E5jnf1iXQS4SW_Q2g&client=ca-pub-6396844742497208&rf=5&nx=CLICK_X&ny=CLICK_Y&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)&uaw=UACH(wow64)&uafvl=UACH(fullVersionList)&nb=2&adurl=https://browsingwithwave.com/%3Fsrc%3Dd-aff16-cp21142438032%26ob%3Dobgcobedobem%26dvc%3Dc%26k%3D%26crt%3D695418066867%26adp%3D%26plc%3D%26tgt%3D%26sl%3D%26cpd%3D21142438032%26iid%3Dwav%26gclid%3DCj0KCQjwxeyxBhC7ARIsAC7dS38YLg3rX_OKomm_dfFxFHKQ-xaABBJ-7gCz8VhxHk9qVjyKpQQOlOIaAvqNEALw_wcB	Get hash	malicious	Unknown	Browse
	https://pdfeditwithwave.com/	Get hash	malicious	Unknown	Browse
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterComRegisterShell64.exe	http://wavebrowser.co	Get hash	malicious	Unknown	Browse
	Wave Browser.exe	Get hash	malicious	Unknown	Browse
	https://www.googleadservices.com/pagead/aclk?sa=L&ai=CEPSIY7k7Zpu1AY3rkPIP8q21mAvP_pi8d4PY85XiEsq6jPG-ARABIPT5xiVgyeaGi7ykoBqgAcCz_YIDyAEC4AIAqAMByAMIqgSdAk_QZfhjp8EKKRw8Ud-sac3T3jbhfjxjJ1sRhgU3SOjAuI5huqeTvemsIazylmO5A9WU45_edGutcUqL46MvuNtxU89a64S7xhljcSlyUs-dysnWLJ2j0jUpH_gKnco9owTuaX1dg-lH7IYSpQI3MKj-Dr00v1SC_8ZhuzoINVR1E2pcblzJpyD5_udwujRkOY3Fao0Lt8Mai9Sq-EbJfdXMijbwOeNV94FwcwlSMZ7he13IkHy_a1HexFAPvo5qqjQXKG7VuYCajYpF3q5URq0loIuDY5WXWNc5RPV77yzvPDM2ytOukuK76vBmfoFdcFIyWUc5xZIVsm9dr8SzjJNE1z63RwDOkXHpq4VxrPcl1gRfUlqaUGyYeMbOoMAEp9WvltcE4AQBiAWQgcDhTpAGAaAGAoAHqMyCfYgHAZAHAqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB_jCsQKoB_vCsQLYBwHSCCcIABACGB0yAQA6Dp_QgICAgASAwICAgKAoSL39wTpYjsuajM3-hQOxCUbAF_v0mAHVgAoDmAsByAsBqg0CVVPIDQHiDRMIlf2ajM3-hQMVjTVECB3yVg2z2BMM0BUB-BYBgBcBshgJEgLeaBgCIgEA6BgB&ae=1&gclid=Cj0KCQjwxeyxBhC7ARIsAC7dS38YLg3rX_OKomm_dfFxFHKQ-xaABBJ-7gCz8VhxHk9qVjyKpQQOlOIaAvqNEALw_wcB&num=1&cid=CAQSQwB7FLtqgUEuOym-5Tn68arUiPJ1jdwPgw46Y6zUHfAkI3hTIEhGQzVeYafsm9LBj6pxutwTRiLFJPhCq9OvYdD7CqQYAQ&sig=AOD64_2G4fRbd2sH1E5jnf1iXQS4SW_Q2g&client=ca-pub-6396844742497208&rf=5&nx=CLICK_X&ny=CLICK_Y&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)&uaw=UACH(wow64)&uafvl=UACH(fullVersionList)&nb=2&adurl=https://browsingwithwave.com/%3Fsrc%3Dd-aff16-cp21142438032%26ob%3Dobgcobedobem%26dvc%3Dc%26k%3D%26crt%3D695418066867%26adp%3D%26plc%3D%26tgt%3D%26sl%3D%26cpd%3D21142438032%26iid%3Dwav%26gclid%3DCj0KCQjwxeyxBhC7ARIsAC7dS38YLg3rX_OKomm_dfFxFHKQ-xaABBJ-7gCz8VhxHk9qVjyKpQQOlOIaAvqNEALw_wcB	Get hash	malicious	Unknown	Browse
	https://pdfeditwithwave.com/	Get hash	malicious	Unknown	Browse
C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterBroker.exe	http://wavebrowser.co	Get hash	malicious	Unknown	Browse
	Wave Browser.exe	Get hash	malicious	Unknown	Browse
	https://www.googleadservices.com/pagead/aclk?sa=L&ai=CEPSIY7k7Zpu1AY3rkPIP8q21mAvP_pi8d4PY85XiEsq6jPG-ARABIPT5xiVgyeaGi7ykoBqgAcCz_YIDyAEC4AIAqAMByAMIqgSdAk_QZfhjp8EKKRw8Ud-sac3T3jbhfjxjJ1sRhgU3SOjAuI5huqeTvemsIazylmO5A9WU45_edGutcUqL46MvuNtxU89a64S7xhljcSlyUs-dysnWLJ2j0jUpH_gKnco9owTuaX1dg-lH7IYSpQI3MKj-Dr00v1SC_8ZhuzoINVR1E2pcblzJpyD5_udwujRkOY3Fao0Lt8Mai9Sq-EbJfdXMijbwOeNV94FwcwlSMZ7he13IkHy_a1HexFAPvo5qqjQXKG7VuYCajYpF3q5URq0loIuDY5WXWNc5RPV77yzvPDM2ytOukuK76vBmfoFdcFIyWUc5xZIVsm9dr8SzjJNE1z63RwDOkXHpq4VxrPcl1gRfUlqaUGyYeMbOoMAEp9WvltcE4AQBiAWQgcDhTpAGAaAGAoAHqMyCfYgHAZAHAqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB_jCsQKoB_vCsQLYBwHSCCcIABACGB0yAQA6Dp_QgICAgASAwICAgKAoSL39wTpYjsuajM3-hQOxCUbAF_v0mAHVgAoDmAsByAsBqg0CVVPIDQHiDRMIlf2ajM3-hQMVjTVECB3yVg2z2BMM0BUB-BYBgBcBshgJEgLeaBgCIgEA6BgB&ae=1&gclid=Cj0KCQjwxeyxBhC7ARIsAC7dS38YLg3rX_OKomm_dfFxFHKQ-xaABBJ-7gCz8VhxHk9qVjyKpQQOlOIaAvqNEALw_wcB&num=1&cid=CAQSQwB7FLtqgUEuOym-5Tn68arUiPJ1jdwPgw46Y6zUHfAkI3hTIEhGQzVeYafsm9LBj6pxutwTRiLFJPhCq9OvYdD7CqQYAQ&sig=AOD64_2G4fRbd2sH1E5jnf1iXQS4SW_Q2g&client=ca-pub-6396844742497208&rf=5&nx=CLICK_X&ny=CLICK_Y&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)&uaw=UACH(wow64)&uafvl=UACH(fullVersionList)&nb=2&adurl=https://browsingwithwave.com/%3Fsrc%3Dd-aff16-cp21142438032%26ob%3Dobgcobedobem%26dvc%3Dc%26k%3D%26crt%3D695418066867%26adp%3D%26plc%3D%26tgt%3D%26sl%3D%26cpd%3D21142438032%26iid%3Dwav%26gclid%3DCj0KCQjwxeyxBhC7ARIsAC7dS38YLg3rX_OKomm_dfFxFHKQ-xaABBJ-7gCz8VhxHk9qVjyKpQQOlOIaAvqNEALw_wcB	Get hash	malicious	Unknown	Browse
	https://pdfeditwithwave.com/	Get hash	malicious	Unknown	Browse

Process:	C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	111000
Entropy (8bit):	6.520895887440003
Encrypted:	false
SSDEEP:	3072:VPY5KTfLLX8YrWqY7/pTXb77Kxl4uZiT9XZwoDfrYeR48qy6peTUnZuh6o7YmzUY:a17KmbkGVkT7wuT76B+jXM
MD5:	57428456C6E6C2EA328C864681DB5DF3
SHA1:	2DC7329E0B346C435B6EA5CF44A3D0A076F8D398
SHA-256:	EE87747102EBA8844939352740D0BB6C4A67F10C2656961CB2722CD42BA99F40
SHA-512:	40FB34FCE07F094FDAF78C499A21C3F534F0C8AE1246B6CF382EA7E63FA08B4DE56E6C81EB8FADCE8A2E508AE5D03831590A06FFDA3D46026FB894E4997F31B0
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Joe Sandbox View:	Filename: , Detection: malicious, Browse Filename: Wave Browser.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: , Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........z^+..0x..0x..0x.s3y..0x.s5yK.0x.s4y..0x?k5y..0x?k4y..0x?k3y..0xpj5y..0x.s1y..0x..1x..0xzj9y..0xzj.x..0x...x..0xzj2y..0xRich..0x........PE..L....W.e....................f.......x.......@....@.......................................@.................................\a..x....p...5...............)......T...l]..T...................x^.......]..@............`..X............................text....(......................... ..`.data...`....@......................@....idata..2....`.......8..............@..@.rsrc....5...p...6...B..............@..@.reloc..T............x..............@..B................................................................................................................................................................................................................................................................................................

Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	4286
Entropy (8bit):	3.8046022951415335
Encrypted:	false
SSDEEP:	24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
MD5:	DA597791BE3B6E732F0BC8B20E38EE62
SHA1:	1125C45D285C360542027D7554A5C442288974DE
SHA-256:	5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
SHA-512:	D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
Malicious:	false
Preview:	...... .... .........(... ...@..... ...................................................................................................................................................................................................N...Sz..R...R...P...N..L..H..DG..........................................................................................R6..U...U...S...R...P...N..L..I..F..B...7...............................................................................S6..V...V...U...S...R...P...N..L..I..F..C...?..:z......................................................................O...W...V...V...U...S...R...P...N..L..I..E..C...?...;..{7..q2$..............................................................T..D..]...S)..p6..J...R...P...N..L..I..E..B..>..;..z7..p2..f,X.........................................................A..O#..N!..N!..N!..P$..q:...P...N..K..I..E..A..=..9..x5..n0..e,...5...................................................Ea.Z,..T$..T$..T

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	60373
Entropy (8bit):	6.079253008328437
Encrypted:	false
SSDEEP:	1536:iMSzMtXija+4YyOBsK22DUkV91j5OvBV0mkzkcHyGgLx:iMSuij7GOCK22AkVKf5kz3m
MD5:	F03FBBB9BEE37DD8AC0A2C6CD72ECA4A
SHA1:	965C2827996A5668F6918516430667D8AB29F65C
SHA-256:	5D1D655C0813204871D8B8A4B5D81FDEBE5C2BDD354A1F4E3885EB98209E5967
SHA-512:	8318077455D2A41D7F7DE5DDE50758053193F9C719BE0CA1EAD5500F43BFA2A3C6DD97CECC659395566845D9B1B137E3576D07B25151A5DA5402AB65BC7E7965
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13364816069218291","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd1

Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	126
Entropy (8bit):	4.954873031287063
Encrypted:	false
SSDEEP:	3:D9yRtFwsSxzqC+eAs9jrHFk6uMhOqTUL5wKb:JUF+FqCqm9ubL5Zb
MD5:	58B5D740985DC466285D3FF3622DB605
SHA1:	58D7EDEFFCA13AD9D397C76C066CDB001F4A97E8
SHA-256:	A83049355FD19839E9D1F3D80C06462F6BD122BAFDFF2E4F5A4145573678F25A
SHA-512:	4FCD57D5B561B2B7F09E9F7EF58DD2A1F397FF604FDB96251B384374DCC3555A791A9FE553E61D571D794F282F4DC5D22F86AB3593549D5E3233DCB4B15EB44F
Malicious:	false
Preview:	<root><item name="pageVersions" value="{"hp":"20240705.27"}" ltime="1253524448" htime="31117387" /></root>

Process:	C:\Users\user\Desktop\Wave Browser.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	7245
Entropy (8bit):	4.626353932121824
Encrypted:	false
SSDEEP:	96:MhVhK9nt6A4CP12KmxZIRQf6WeInhV/Z2PjrZxKtctiK6LA8Ze771X4Lt5K2:cVwL6Ot2KmxZgQf6OnhVMCBve771Xsk2
MD5:	B19AC2BD095A52FBC10735E05D319D17
SHA1:	56A11DBC7E19CC7BE850E5AAE3F2BD0911D13EC4
SHA-256:	FA230C84CDAD728A901445D198D9EAAB4D863AC742A870C1D762241A330269FE
SHA-512:	CA53E4FD9878E17AE6A13EA3A3ABA8A40210D72FA15334B609CA1ABBE7B46C58363AEFD62C5CF40316757BBE55D4F20262F01C5A818880FDA7F07BE50BAC8970
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033\deflangfe1033{\fonttbl{\f0\froman\fprq2\fcharset0 Times New Roman;}{\f1\froman\fprq2 Times New Roman;}}..{\colortbl ;\red0\green0\blue255;}..{\\generator Riched20 10.0.19041}{\\mmathPr\mdispDef1\mwrapIndent1440 }\viewkind4\uc1 ..\pard\sa200\sl276\slmult1\kerning1\f0\fs22 Easily transition from your current default browser to Wave by importing your existing browser settings. The settings import feature is optional from the installer screen.\par..You acknowledge that Wave Browser offers multiple features that utilize the extension platform. These features are standard when the browser is installed and cannot be removed. More information about these features can be found at {{\field{\*\fldinst{HYPERLINK https://wavebrowser.co/about/ }}{\fldrslt{https://wavebrowser.co/about/\ul0\cf0}}}}\f0\fs22 .\par..\f1\bullet Wave Browser is free to install and use and can be removed at any time. Additional offers include a free Wave PRO trial and

Entrypoint:	0x4031d6
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x65CD209D [Wed Feb 14 20:20:45 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	3abe302b6d9a1256e6a915429af4ffd2

Signature Valid:	true
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	14/09/2023 01:00:00 21/07/2026 00:59:59
Subject Chain	CN=Wavesor Software (Eightpoint Technologies Ltd. SEZC), O=Wavesor Software (Eightpoint Technologies Ltd. SEZC), L=George Town, C=KY, SERIALNUMBER=314202, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=KY
Version:	3
Thumbprint MD5:	AECFC3F717D06635CB33A3E5ECD51CBF
Thumbprint SHA-1:	2EA4ADE8719DE01274C5A3BAF694B91E339BDA79
Thumbprint SHA-256:	89F225CC1B03AB2BDCEF6B5D4606EEAC8B5B9CF289ED5FF3659240BCD3A7FA72
Serial:	09D77A45C1C09755AE3E7A5153983C03

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7430	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3a000	0x2b8e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xfa7a8	0x25a8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7000	0x298	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5f0d	0x6000	a04138503cbcc902263bedc7fedd6947	False	0.6649576822916666	data	6.450391437698698	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x7000	0x1250	0x1400	4856bbf2a79b612f639ebd55d68c4d02	False	0.4287109375	data	5.001085207233966	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9000	0x1a818	0x400	06c5105864978df88e34770eefada5da	False	0.6376953125	data	5.129587811765307	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x24000	0x16000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3a000	0x2b8e0	0x2ba00	7ce2afbb04e20bb68c9bc0454fe2f456	False	0.33573603151862463	data	5.623985242990102	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x3a388	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m	English	United States	0.14971016207263693
RT_ICON	0x4abb0	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 3779 x 3779 px/m	English	United States	0.19292621400042043
RT_ICON	0x54058	0x6573	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.998767856455277
RT_ICON	0x5a5d0	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m	English	United States	0.2827113840340104
RT_ICON	0x5e7f8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m	English	United States	0.35643153526970955
RT_ICON	0x60da0	0x1a68	Device independent bitmap graphic, 40 x 80 x 32, image size 6400, resolution 3779 x 3779 px/m	English	United States	0.39571005917159763
RT_ICON	0x62808	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m	English	United States	0.47303001876172607
RT_ICON	0x638b0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 3779 x 3779 px/m	English	United States	0.5651639344262295
RT_ICON	0x64238	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 1600, resolution 3779 x 3779 px/m	English	United States	0.6122093023255814
RT_ICON	0x648f0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m	English	United States	0.7047872340425532
RT_DIALOG	0x64d58	0x202	data	English	United States	0.4182879377431907
RT_DIALOG	0x64f60	0xf8	data	English	United States	0.6330645161290323
RT_DIALOG	0x65058	0xee	data	English	United States	0.6260504201680672
RT_GROUP_ICON	0x65148	0x92	data	English	United States	0.7054794520547946
RT_VERSION	0x651e0	0x2d8	data	English	United States	0.45467032967032966
RT_MANIFEST	0x654b8	0x423	XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators	English	United States	0.5127478753541076

DLL	Import
KERNEL32.dll	GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetCurrentDirectoryA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
USER32.dll	ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
ADVAPI32.dll	AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Target ID:	0
Start time:	04:53:57
Start date:	07/07/2024
Path:	C:\Users\user\Desktop\Wave Browser.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Wave Browser.exe"
Imagebase:	0x400000
File size:	1'035'600 bytes
MD5 hash:	938C6A14B9132727C3D29951610100D0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	1
Start time:	04:54:04
Start date:	07/07/2024
Path:	C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\nstDC9E.tmp\SWUpdaterSetup.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"
Imagebase:	0xd70000
File size:	815'792 bytes
MD5 hash:	18693249F3A283E83B8179E692FFBBA9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 8%, ReversingLabs
Reputation:	moderate
Has exited:	true

Target ID:	2
Start time:	04:54:05
Start date:	07/07/2024
Path:	C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"
Imagebase:	0x640000
File size:	111'000 bytes
MD5 hash:	57428456C6E6C2EA328C864681DB5DF3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 3%, ReversingLabs
Reputation:	moderate
Has exited:	true

Target ID:	7
Start time:	04:54:06
Start date:	07/07/2024
Path:	C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /c
Imagebase:	0xc30000
File size:	111'000 bytes
MD5 hash:	57428456C6E6C2EA328C864681DB5DF3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	12
Start time:	04:54:07
Start date:	07/07/2024
Path:	C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /registermsihelper
Imagebase:	0xc30000
File size:	111'000 bytes
MD5 hash:	57428456C6E6C2EA328C864681DB5DF3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	13
Start time:	04:54:08
Start date:	07/07/2024
Path:	C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9Ins1RjRENDdGRS1CNDQ4LTQzNDAtQjY1Qi03QUYyNDVFRTc5MEN9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHJlcXVlc3RpZD0iezVEOUEyNUNELTJDQkQtNDIxMS1CM0MzLTIxMEREQzcxNjk4MH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjEzMy4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTAxNiIvPjwvYXBwPjwvcmVxdWVzdD4
Imagebase:	0xc30000
File size:	111'000 bytes
MD5 hash:	57428456C6E6C2EA328C864681DB5DF3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	15
Start time:	04:54:09
Start date:	07/07/2024
Path:	C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /uninstall
Imagebase:	0xc30000
File size:	111'000 bytes
MD5 hash:	57428456C6E6C2EA328C864681DB5DF3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	16
Start time:	04:54:15
Start date:	07/07/2024
Path:	C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswRjU4QTAwRC00MTc1LTREODctQUIwMi1FRTlCMTQ0OTczNjF9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJ1bmluc3RhbGwiIHJlcXVlc3RpZD0ie0IwNEYxMzYzLTQxQTgtNDg2RS1BOTU4LTEzMUZDNTcwRTEwOH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RUIxNDlBRDItQ0U0RS00RjUxLUI3RkMtQTE0OUZBQTRDQ0FGfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSI0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
Imagebase:	0xc30000
File size:	111'000 bytes
MD5 hash:	57428456C6E6C2EA328C864681DB5DF3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	18
Start time:	04:54:18
Start date:	07/07/2024
Path:	C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe"
Imagebase:	0x880000
File size:	213'400 bytes
MD5 hash:	D40BD627BFB2BA39C5452A71A450EABD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 8%, ReversingLabs
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Wave Browser.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Privilege Escalation

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdater.exe

C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterBroker.exe

C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterComRegisterShell64.exe

C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterCore.exe

C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterOnDemand.exe

C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\SWUpdaterSetup.exe

C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psmachine.dll

C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psmachine_64.dll

C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psuser.dll

C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\psuser_64.dll

C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\swupdater.dll

C:\Program Files (x86)\Wavesor\Temp\GUMF7C6.tmp\swupdaterres_en.dll

C:\Program Files (x86)\Wavesor\Temp\GUTF7C7.tmp

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0057d959-6bdb-445f-868b-f22e7ee60a28.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1325ae8c-4ef5-4256-b83b-775b1ca692dd.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\18ff81bc-2183-46c3-9fc8-de6b23eb36d5.tmp

Windows Analysis Report
Wave Browser.exe

Target ID:	22
Start time:	04:54:26
Start date:	07/07/2024
Path:	C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Wavesor Software\SWUpdater\1.3.133.0\SWUpdaterCore.exe"
Imagebase:	0x880000
File size:	213'400 bytes
MD5 hash:	D40BD627BFB2BA39C5452A71A450EABD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	26
Start time:	04:54:27
Start date:	07/07/2024
Path:	C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
Wow64 process (32bit):	true
Commandline:	"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Imagebase:	0x110000
File size:	85'632 bytes
MD5 hash:	F9A898A606E7F5A1CD7CFFA8079253A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	29
Start time:	04:54:28
Start date:	07/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=404b2 --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff67dcd0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	32
Start time:	04:54:31
Start date:	07/07/2024
Path:	C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Internet Explorer\iexplore.exe"
Imagebase:	0x7ff6044a0000
File size:	834'512 bytes
MD5 hash:	CFE2E6942AC1B72981B3105E22D3224E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	33
Start time:	04:54:32
Start date:	07/07/2024
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7944 CREDAT:17414 /prefetch:2
Imagebase:	0x5e0000
File size:	828'368 bytes
MD5 hash:	6F0F06D6AB125A99E43335427066A4A1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Target ID:	35
Start time:	04:54:34
Start date:	07/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=2020,i,5026019351485379267,1651319541682861894,262144 /prefetch:8
Imagebase:	0x7ff6b0b00000
File size:	1'255'976 bytes
MD5 hash:	76C58E5BABFE4ACF0308AA646FC0F416
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	37
Start time:	04:54:44
Start date:	07/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Imagebase:	0x7ff67dcd0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	39
Start time:	04:54:47
Start date:	07/07/2024
Path:	C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Wavesor Software\SWUpdater\SWUpdater.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJTV1VwZGF0ZXIiIHVwZGF0ZXJ2ZXJzaW9uPSIxLjMuMTMzLjAiIHNoZWxsX3ZlcnNpb249IjEuMy4xMzMuMCIgaXNtYWNoaW5lPSIwIiBzZXNzaW9uaWQ9InswRjU4QTAwRC00MTc1LTREODctQUIwMi1FRTlCMTQ0OTczNjF9IiB1c2VyaWQ9IntjMWU4MGI5OS1hN2M1LTQwY2YtYTg4Mi0yYzAwYjY4OGZkYTZ9IiBpbnN0YWxsc291cmNlPSJ1bmluc3RhbGwiIHJlcXVlc3RpZD0iezMyNzQ0Q0IzLUQ3M0EtNEQ5NC1BMkIyLUM1ODIwNUE0NDJBQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7RjZGNjBBQ0UtNzFBRC00NjEwLTgwRDQtOTI1MzcyOUZCNEI3fSIgdmVyc2lvbj0iMS4zLjEzMy4wIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9Ii0xIj48ZXZlbnQgZXZlbnR0eXBlPSI0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
Imagebase:	0xc30000
File size:	111'000 bytes
MD5 hash:	57428456C6E6C2EA328C864681DB5DF3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	40
Start time:	04:54:52
Start date:	07/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Imagebase:	0x7ff67dcd0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	41
Start time:	04:54:53
Start date:	07/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=2004,i,761526046158747839,15104522579484344094,262144 /prefetch:3
Imagebase:	0x7ff67dcd0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true