Analysis
- max time kernel: 458s
- max time network: 1141s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14-07-2024 16:20
Static task
static1
Behavioral task
behavioral1
Sample
WaveInstaller.exe
Resource
win10v2004-20240709-en
General
- Target: WaveInstaller.exe
- Size: 2.4MB
- MD5: 089dd964c48674b3b4f6a763e6d6ce87
- SHA1: b47510e2c8cf4445c6c7d18ac1d7e470c9c16c2d
- SHA256: 77a7db0fbc13dea55b22b02fec1df3a7000f1850a92bc6d251def80526b8b1d6
- SHA512: 450b21e7dec87f580837f27f393dc4ead02941b68667cdaa52adf0f1a4c239756f7e26a2d42ab2869badac84e16d55096a5c61d09a5a219f529ea72bbf226370
- SSDEEP: 49152:1inbTKfysiSSCA7w8hL9IM8xMg+YLplcHJTizTSMbUlg/BFiif/MlXm:1in6JG/7t19X8x/PEHJaVUlgC/c
Malware Config
Extracted
xworm
email-champions.gl.at.ply.gg:50458
- Install_directory: %Temp%
- install_file: svchost.exe
- telegram: https://api.telegram.org/bot6814850214:AAGtrnkhUh3vMq-wH7W5cvNuSWLdcy7mtis/sendMessage?chat_id=7094837950
Signatures
-
Detect Xworm Payload 2 IoCs
resource: behavioral1/files/0x0008000000023441-5.dat, yara_rule: family_xworm
resource: behavioral1/memory/3564-14-0x0000000000570000-0x000000000058A000-memory.dmp, yara_rule: family_xworm
Command and Scripting Interpreter: PowerShell 1 TTPs 56 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
Key value queried: \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation
Executes dropped EXE 64 IoCs
Process: WaveInstaller.exe, WaveInstall5r.exe
Looks up external IP address via web service 7 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
ioc: ip-api.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Delays execution with timeout.exe 14 IoCs
Scheduled Task/Job: Scheduled Task 1 TTPs 14 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
Token: SeDebugPrivilege (Process: WaveInstall5r.exe, powershell.exe)
Suspicious use of SetWindowsHookEx 13 IoCs
Process: WaveInstall5r.exe
Suspicious use of WriteProcessMemory 64 IoCs
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1908 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4828 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1408 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3688 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:224 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3020 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:208 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3844 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:524 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:632 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5096 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1864 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1728 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"14⤵
- Executes dropped EXE
PID:1660 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"15⤵
- Executes dropped EXE
PID:3200 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"16⤵
- Executes dropped EXE
PID:3912 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"17⤵
- Executes dropped EXE
PID:2176 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"18⤵
- Executes dropped EXE
PID:3540 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"19⤵
- Executes dropped EXE
PID:4300 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"20⤵
- Executes dropped EXE
PID:1236 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"21⤵
- Executes dropped EXE
PID:336 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"22⤵
- Executes dropped EXE
PID:4248 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"23⤵
- Executes dropped EXE
PID:1672 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"24⤵
- Checks computer location settings
- Executes dropped EXE
PID:4684 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"25⤵
- Executes dropped EXE
PID:3020 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"26⤵
- Executes dropped EXE
PID:408 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"27⤵
- Executes dropped EXE
PID:1972 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"28⤵
- Executes dropped EXE
PID:3876 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"29⤵
- Executes dropped EXE
PID:1068 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"30⤵
- Executes dropped EXE
PID:1800 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"31⤵
- Executes dropped EXE
PID:1716 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"32⤵
- Executes dropped EXE
PID:1976 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"33⤵
- Executes dropped EXE
PID:2372 -
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"34⤵PID:4992
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"35⤵PID:2884
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"36⤵PID:4700
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"37⤵PID:4184
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"38⤵PID:1896
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"39⤵PID:1068
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"40⤵PID:2916
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"41⤵PID:1528
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"42⤵PID:4264
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"43⤵PID:3460
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"44⤵PID:3844
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"45⤵PID:4576
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"46⤵PID:2936
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"47⤵PID:3852
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"48⤵PID:3352
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"49⤵PID:1124
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"50⤵PID:1864
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"51⤵PID:2264
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"52⤵PID:1284
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"53⤵PID:4392
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"54⤵PID:4616
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"55⤵PID:1940
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"56⤵PID:4384
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"57⤵PID:3460
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"58⤵PID:3228
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"59⤵PID:888
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"60⤵PID:2088
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"61⤵PID:2884
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"62⤵PID:2796
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"63⤵PID:2384
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"64⤵PID:5048
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"65⤵PID:2952
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"66⤵PID:2496
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"67⤵PID:624
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"68⤵PID:3104
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"69⤵PID:752
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"70⤵PID:3236
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"71⤵PID:4604
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"72⤵PID:2176
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"73⤵PID:868
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"74⤵PID:1028
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"75⤵PID:972
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"76⤵PID:336
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"77⤵PID:3560
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"78⤵PID:3100
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"79⤵PID:1228
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"80⤵PID:4384
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"81⤵PID:2020
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"82⤵PID:4388
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"83⤵PID:632
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"84⤵PID:1888
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"85⤵PID:5104
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"86⤵PID:460
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"87⤵PID:1304
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"88⤵PID:4620
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"89⤵PID:2340
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"90⤵PID:224
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"91⤵PID:2044
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"92⤵PID:2576
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"93⤵PID:4696
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"94⤵PID:4408
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"95⤵PID:4364
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"96⤵PID:4204
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"97⤵PID:552
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"98⤵PID:4376
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"99⤵PID:2688
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"100⤵PID:4688
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"101⤵PID:3688
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"102⤵PID:940
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"103⤵PID:64
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"104⤵PID:3892
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"105⤵PID:4760
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"106⤵PID:2684
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"107⤵PID:4424
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"108⤵PID:920
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"109⤵PID:4456
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"110⤵PID:3716
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"111⤵PID:1164
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"112⤵PID:4796
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"113⤵PID:4964
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"114⤵PID:4716
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"115⤵PID:4776
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"116⤵PID:2348
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"117⤵PID:2284
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"118⤵PID:3456
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"119⤵PID:4520
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"120⤵PID:1216
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"121⤵PID:3580
-
C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"C:\Users\Admin\AppData\Local\Temp\WaveInstaller.exe"122⤵PID:3840
-