

Interesting, I had the same for mine except the ping wasn't encrypted - only base64 encoded.

HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WaveBrowser
C:\WINDOWS\SYSTEM32\TASKS\Wavesor Software_*\WaveBrowser-StartAtLogin
HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\wavebrowser.exe
HKU\*\SOFTWARE\CLIENTS\STARTMENUINTERNET\WaveBrowser.*
HKU\*\WavesorSWUpdater.Update3WebUser.1.0

HKU\*\WavesorSWUpdater.Update3COMClassUser.1.0
HKU\*\WavesorSWUpdater.Update3COMClassUser
HKU\*\WavesorSWUpdater.PolicyStatusUser.1.0
HKU\*\WavesorSWUpdater.OnDemandCOMClassUser.1.0
HKU\*\WavesorSWUpdater.OnDemandCOMClassUser
HKU\*\WavesorSWUpdater.CredentialDialogUser
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Wavesor Software_*\WaveBrowser-StartAtLogin

Apologies for the jacked up regex:

Also seeing /swupdater.*\.updatestar\.com/

It also creates scheduled tasks, autostart reg entries, new CLSIDs under the user's SID, lnk files, and different permutations of wavebrowser.exe. Test before adding anything across your env.

Definitely blocking domains/killing processes.

Don't trust my regex.
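
The following Python is an added example, not code from any commenter or from CrowdStrike: it compiles a few of the wildcard patterns posted in the thread into case-insensitive, whole-path regexes and runs them over constructed sample paths, which is one way to test a pattern before adding it across an environment. Reading `*` as "any characters within one path segment", the sample SID, paths and hostnames, and the tightened domain regex are assumptions of this example.

```python
import re

# Wildcard patterns copied from the thread. Assumption: '*' stands for a
# variable part (user SID, task-name suffix, extension) inside one path segment.
WILDCARDS = [
    r"HKU\*\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WaveBrowser",
    r"HKU\*\SOFTWARE\CLIENTS\STARTMENUINTERNET\WaveBrowser.*",
    r"HKU\*\WavesorSWUpdater.Update3WebUser.1.0",
    r"C:\WINDOWS\SYSTEM32\TASKS\Wavesor Software_*\WaveBrowser-StartAtLogin",
]

def compile_wildcard(pattern):
    """Escape the literal parts; let '*' match any run of non-backslash chars."""
    body = r"[^\\]*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(body, re.IGNORECASE)

RULES = [compile_wildcard(p) for p in WILDCARDS]

def matches(artifact):
    """True when the whole artifact path matches one of the rules."""
    return any(rule.fullmatch(artifact) for rule in RULES)

# Domain regex as posted, plus a tightened variant (assumption of this example).
DOMAIN_POSTED = re.compile(r"swupdater.*\.updatestar\.com")
DOMAIN_TIGHT = re.compile(r"swupdater[a-z0-9.-]*\.updatestar\.com", re.IGNORECASE)

def domain_hits(host):
    """Return (posted regex used unanchored, tightened regex on the full name)."""
    return bool(DOMAIN_POSTED.search(host)), bool(DOMAIN_TIGHT.fullmatch(host))

# Constructed sample paths (made-up SID), not taken from a real host.
SAMPLES = [
    r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\WaveBrowser",
    r"C:\Windows\System32\Tasks\Wavesor Software_S-1-5-21-1111-2222-3333-1001\WaveBrowser-StartAtLogin",
    r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Clients\StartMenuInternet\WaveBrowser.ABC123",
    # Longer key name: must not match, the rule covers the whole path.
    r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\WaveBrowserCleanupTool",
    # Extra path level where the SID wildcard sits: '*' may not cross a backslash.
    r"HKU\S-1-5-21-1111-2222-3333-1001\Export\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WaveBrowser",
]

def scan():
    """Map each constructed sample path to whether any rule matches it."""
    return {path: matches(path) for path in SAMPLES}

if __name__ == "__main__":
    for path, hit in scan().items():
        print("MATCH   " if hit else "no match", path)
    for host in ("swupdater1.updatestar.com", "swupdater.updatestar.com.example.invalid"):
        print(host, domain_hits(host))
```

The second constructed hostname shows the posted domain regex matching a name that merely contains the string when it is applied unanchored, while the whole-name variant does not.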

