IOC Report
WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | |
| C:\Users\user\AppData\Local\Temp\nsk1CF9.tmp\setup_patch_1.5.18.2_from_1.3.16.1.packed.7z | 7-zip archive data, version 0.4 | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe | "C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe" | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://wavebrowser.co/termshttps://wavebrowser.co/privacyhttps://wavebrowser.co/changelog | unknown | |
| https://api.wavebrowserbase.com/log/imp/e/chr_offer_declined/d/ | unknown | |
| http://nsis.sf.net/NSIS_Error | unknown | |
| https://api.wavebrowserbase.com/inst/ | unknown | |
| http://nsis.sf.net/NSIS_ErrorError | unknown | |
| https://wavebrowser.co/terms | unknown | |
| https://wavebrowser.co/changelog | unknown | |
| https://wavebrowser.co/privacy | unknown | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager | PendingFileRenameOperations | |

Memdumps
