Play interactive tour

Edit tour

Analysis Report Wave Browser_cg5vc6cx_.exe

Overview

General Information

Sample Name:	Wave Browser_cg5vc6cx_.exe
Analysis ID:	407799
MD5:	5d999339f21d3a6b4ee9726874d6fbc5
SHA1:	a8dcf803b4a15d0fb5dde36dbee571d2f3fa53b0
SHA256:	33111d45c6e463b267685b51faefb49565d3e517a30940338e285c52e019e1a6
Infos:
Most interesting Screenshot:

Detection

Score:	42
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	21
Range:	0 - 100

Signatures

Creates a thread in another existing process (thread injection)

Found API chain indicative of debugger detection

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Antivirus or Machine Learning detection for unpacked file

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to launch a process as a different user

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

DLL planting / hijacking vulnerabilities found

Detected potential crypto function

Drops PE files

EXE planting / hijacking vulnerabilities found

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file contains strange resources

Queries keyboard layouts

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Too many similar processes found

Uses 32bit PE files

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Startup

System is w10x64

Wave Browser_cg5vc6cx_.exe (PID: 6284 cmdline: 'C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe' MD5: 5D999339F21D3A6B4EE9726874D6FBC5)

setup.exe (PID: 3028 cmdline: 'C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe' --install-archive='C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z' --do-not-register-for-update-launch --make-chrome-default MD5: C0364BBC1A78CE97482F4A0B0DDBAD08)

setup.exe (PID: 7124 cmdline: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0 MD5: C0364BBC1A78CE97482F4A0B0DDBAD08)

setdf.exe (PID: 7108 cmdline: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe 'C:\Users\user\AppData\Local\Temp\af85ff68-db96-4195-b531-f1a4aee5bead.tmp' MD5: 6573AEE829B967E22C3B984DF199250B)

conhost.exe (PID: 5860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

wavebrowser.exe (PID: 3124 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --prevdefbrowser=2 --install-type=1 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 4928 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6748 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 7032 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=1796 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 7072 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 1376 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6800 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6492 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 4296 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6840 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 7012 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 5524 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 2088 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6456 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6864 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6828 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 5588 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 4944 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6548 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 5088 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5936 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 7016 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5380 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Source: 0.1.Wave Browser_cg5vc6cx_.exe.729e0000.2.unpack	Avira: Label: TR/Crypt.XPACK.Gen7
Source: 0.1.Wave Browser_cg5vc6cx_.exe.729e0000.1.unpack	Avira: Label: TR/Crypt.XPACK.Gen7

Privilege Escalation:

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: WINSTA.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: LINKINFO.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: WTSAPI32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: CompPkgSup.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: DMCmnUtils.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: VERSION.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: dxva2.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: dwmapi.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mfplat.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: MDMRegistration.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: DEVOBJ.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: CRYPTBASE.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: ColorAdapterClient.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: NTASN1.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: evr.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: D3DCompiler_47.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: DCIMAN32.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mfperfhelper.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mscms.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: dxgi.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: RTWorkQ.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: OLEACC.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: KBDUS.DLL	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msauddecmft.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msmpeg2vdec.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msvproc.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mf.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: ddraw.dll

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	EXE: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	EXE: C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\Installer\setup.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	EXE: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser_proxy.exe	Jump to behavior

Compliance:

DLL planting / hijacking vulnerabilities found

Show sources

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: WINSTA.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: LINKINFO.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: WTSAPI32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: CompPkgSup.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: DMCmnUtils.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: VERSION.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: dxva2.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: dwmapi.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mfplat.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: MDMRegistration.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: DEVOBJ.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: CRYPTBASE.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: ColorAdapterClient.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: NTASN1.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: evr.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: D3DCompiler_47.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: DCIMAN32.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mfperfhelper.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mscms.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: dxgi.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: RTWorkQ.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: OLEACC.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: KBDUS.DLL	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msauddecmft.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msmpeg2vdec.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msvproc.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mf.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: ddraw.dll

EXE planting / hijacking vulnerabilities found

Show sources

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	EXE: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	EXE: C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\Installer\setup.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	EXE: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser_proxy.exe	Jump to behavior

Uses 32bit PE files

Show sources

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Creates a software uninstall entry

Show sources

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WaveBrowser

Jump to behavior

Creates install or setup log file

Show sources

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

File created: C:\Users\user\AppData\Local\Temp\wavebrowser_installer.log

Jump to behavior

Creates license or readme file

Show sources

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

File created: C:\Users\user\AppData\Local\Temp\3124_696802910\LICENSE.txt

Jump to behavior

PE / OLE file has a valid certificate

Show sources

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: certificate valid

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 143.204.209.86:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.11.52:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.81.120:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.81.120:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.109:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.109:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.11.52:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.23.34.82:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.23.34.82:443 -> 192.168.2.4:49799 version: TLS 1.2

Contains modern PE file flags such as dynamic base (ASLR) or NX

Show sources

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Binary contains paths to debug symbols

Show sources

Source:	Binary string: setup.exe.pdb source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp, setup.exe, 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp
Source:	Binary string: wavebrowser.exe.pdb source: setup.exe, 00000004.00000003.726318035.00000236057B1000.00000004.00000001.sdmp
Source:	Binary string: wavebrowser_proxy.exe.pdb source: setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp

Spreading:

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_0040626D FindFirstFileA,FindClose,	0_2_0040626D
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_00405732 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405732
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_004026FE FindFirstFileA,	0_2_004026FE
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67845AC9D FindFirstFileExW,	4_2_00007FF67845AC9D
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67845AC9D FindFirstFileExW,	5_2_00007FF67845AC9D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F425D FindFirstFileExW,	12_2_00007FF7DD3F425D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F425D FindFirstFileExW,	14_2_00007FF7DD3F425D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F425D FindFirstFileExW,	15_2_00007FF7DD3F425D

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Networking:

Source: Joe Sandbox View

IP Address: 151.101.2.109 151.101.2.109

Source: Joe Sandbox View	JA3 fingerprint: b32309a26951912be7dba376398abc3b
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.19.115
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.19.115
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.19.115
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109

Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: !-us1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.985201"},"policy":{"last_statistics_update":"13264921254244811"},"privacy_budget":{"generation":1,"randomizer_seed":"7292703696600211514"},"profile":{"info_cache":{"Default":{"active_time":1620447664.255391,"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_given_name":"","gaia_id":"","gaia_name":"","is_consented_primary_account":false,"is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":t
Source: setup.exe, 00000004.00000002.741629920.0000023603A65000.00000004.00000020.sdmp	String found in binary or memory: ":"www.mywavehome.net","uc":"20210508","dfn":"Wave Browser","domain":"wavebrowser.co","re_url":"http://","source":"-lp0-bb6-brwsr","user_id":"ff016ddb-5584-4b46-b38e-499f2baf1385","useragent":"BRWSR-GENERIC","adprovider":"appfocus1","implementation_id":"wav","keyword":null,"Branding":"wav","Vertical":"","IpAddress":"50.234.242.107","CampaignId":null,"HasOffersId":null,"AwConversionId":null,"AwAccountNumber":null,"ConversionValue":2.5,"GoogleAnalyticsId":null,"HasOffersTransactionId":null,"ShouldFirePixel":false,"GoogleClickId":null,"seUrl":"https://search.yahoo.com/search?p={searchTerms}","tsj":null,"StubStarted":false} equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1781626022.000002B257FCA000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version infor
Source: wavebrowser.exe, 0000000B.00000002.1781626022.000002B257FCA000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version infor
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version infor
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version infor
Source: wavebrowser.exe, 0000000B.00000003.1733868705.000002B25804E000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"
Source: wavebrowser.exe, 0000000B.00000003.1733868705.000002B25804E000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"
Source: wavebrowser.exe, 0000000B.00000003.1733868705.000002B25804E000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"
Source: setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp	String found in binary or memory: //www.yahoo.com/favicon. "id"X* equals www.yahoo.com (Yahoo)
Source: setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp	String found in binary or memory: //www.yahoo.com/favicon. equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: 7d_bypolicy":false,"avicon_url":"htp://www.yahoo.c equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1781626022.000002B257FCA000.00000004.00000001.sdmp	String found in binary or memory: 9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_c
Source: wavebrowser.exe, 0000000B.00000002.1781626022.000002B257FCA000.00000004.00000001.sdmp	String found in binary or memory: 9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_c
Source: wavebrowser.exe, 0000000B.00000002.1781626022.000002B257FCA000.00000004.00000001.sdmp	String found in binary or memory: 9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_c
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: 9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_c
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: 9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_c
Source: wavebrowser.exe, 0000000B.00000003.1733803466.000002B258044000.00000004.00000001.sdmp	String found in binary or memory: :0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.985201"},"pol
Source: wavebrowser.exe, 0000000B.00000003.1733868705.000002B25804E000.00000004.00000001.sdmp	String found in binary or memory: :0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.985201"},"pol
Source: wavebrowser.exe, 0000000B.00000003.1733803466.000002B258044000.00000004.00000001.sdmp	String found in binary or memory: :0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.985201"},"pol
Source: wavebrowser.exe, 0000000B.00000003.1733868705.000002B25804E000.00000004.00000001.sdmp	String found in binary or memory: :0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.985201"},"pol
Source: wavebrowser.exe, 0000000B.00000003.1729302764.000002B257F3C000.00000004.00000001.sdmp	String found in binary or memory: b\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_check_data":{},"sensors":{},"serial_chooser_data":{},"serial_guard":{},"site_engagement":{},"sound":{},"ssl_cert_decisions":{},"storage_access":{},"subresource_filter":{},"subresource_filter_data":{},"usb_chooser_data":{},"usb_guard":{},"vr":{},"window_placement":{}},"pref_version":1},"created_by_version":"1.1.0.7","creat\ equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729302764.000002B257F3C000.00000004.00000001.sdmp	String found in binary or memory: b\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_check_data":{},"sensors":{},"serial_chooser_data":{},"serial_guard":{},"site_engagement":{},"sound":{},"ssl_cert_decisions":{},"storage_access":{},"subresource_filter":{},"subresource_filter_data":{},"usb_chooser_data":{},"usb_guard":{},"vr":{},"window_placement":{}},"pref_version":1},"created_by_version":"1.1.0.7","creat\??\pipe\chrome. equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729302764.000002B257F3C000.00000004.00000001.sdmp	String found in binary or memory: b\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_check_data":{},"sensors":{},"serial_chooser_data":{},"serial_guard":{},"site_engagement":{},"sound":{},"ssl_cert_decisions":{},"storage_access":{},"subresource_filter":{},"subresource_filter_data":{},"usb_chooser_data":{},"usb_guard":{},"vr":{},"window_placement":{}},"pref_version":1},"created_by_version":"1.1.0.7","creat\??\pipe\chrome~ equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729302764.000002B257F3C000.00000004.00000001.sdmp	String found in binary or memory: b\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_check_data":{},"sensors":{},"serial_chooser_data":{},"serial_guard":{},"site_engagement":{},"sound":{},"ssl_cert_decisions":{},"storage_access":{},"subresource_filter":{},"subresource_filter_data":{},"usb_chooser_data":{},"usb_guard":{},"vr":{},"window_placement":{}},"pref_version":1},"created_by_version":"1.1.0.7","creat\??\pipe\chrome~fbAQw2Z equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: e_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html"," equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: e_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","p equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: h.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.98520
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: h.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.98520
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: h.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.98520
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: h.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.98520
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: h.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.98520
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.ico equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.ico26.7.0_05 equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.icooderWakeup6 equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.icorms} equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://www.youtube.com equals www.youtube.com (Youtube)
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://www.yahoo.com/favicon.ico equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://www.yahoo.com/favicon.ico58 equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: in"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do notE equals www.facebook.com (Facebook)
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: n_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: n_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: p://www.yahoo.c equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: r":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name
Source: wavebrowser.exe, 0000000B.00000003.1729336693.000002B257F63000.00000004.00000001.sdmp	String found in binary or memory: r":{"show_home_button":true},"default_search_provider_data":{"template_url_data":{"alternate_urls":[],"contextual_search_url":"","created_by_policy":false,"created_from_play_api":false,"date_created":"13264921254314996","doodle_url":"","favicon_url":"http://www.yahoo.com/favicon.ico","id":"3","image_url":"","image_url_post_params":"","input_encodings":["UTF-8"],"keyword":"wavebrowser search","last_modified":"13264921254314996","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","prepopulate_id":26,"safe_for_autoreplace":true,"search_url_post_params":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_url_post_params":"","synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e","url":"https://search.yahoo.com/search?p={searchTerms}","usage_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13264921254555572","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for WaveBrowser.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","permissions":["webstorePrivate","management","system.cpu","system.display","system.memory","system.network","system.storage"],"version":"0.2"},"needs_sync":true,"page_ordinal":"n","path":"C:\\Users\\user\\Wavesor Software\\WaveBrowser\\1.1.0.7\\resources\\web_store","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"cmedgpckncgempanpegahopilddagioh":{"ack_external":true,"lastpingday":"13264844401427237"},"cplonachkpjlngkgbicfcmaelgeojmhe":{"ack_external":true,"lastpingday":"13264844401427237"},"hjbeoheoghofnhfmppfonmlmdanlmjoc":{"ack_external":true,"lastpingday":"13264844401427237"},"kmendfapggjehodndflmmgagdbamhnfd":{"active_permissions":{"api":["cryptotokenPrivate","externally_connectable.all_urls","tabs"],"explicit_host":["http:///","https:///"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["runtime.onConnectExternal"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13264921254561511","location":5,"manifest":{"background":{"persistent":fals
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: tion_service_first_run_time":"13264921254553502","autocomplete":{"retention_policy_last_version":1},"autofill":{"last_version_validated":1,"orphan_rows_removed":true},"blocked_cws_extension_count":0,"bookmark_bar":{"show_on_all_tabs":false},"browser":{"default_browser_setting_enabled":true,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory"
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: tion_service_first_run_time":"13264921254553502","autocomplete":{"retention_policy_last_version":1},"autofill":{"last_version_validated":1,"orphan_rows_removed":true},"blocked_cws_extension_count":0,"bookmark_bar":{"show_on_all_tabs":false},"browser":{"default_browser_setting_enabled":true,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory"
Source: wavebrowser.exe, 0000000B.00000002.1774493986.000002B2552C3000.00000004.00000001.sdmp	String found in binary or memory: tion_service_first_run_time":"13264921254553502","autofill":{"last_version_validated":1,"orphan_rows_removed":true},"blocked_cws_extension_count":0,"bookmark_bar":{"show_on_all_tabs":false},"browser":{"default_browser_setting_enabled":true,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"h
Source: wavebrowser.exe, 0000000B.00000002.1774493986.000002B2552C3000.00000004.00000001.sdmp	String found in binary or memory: tion_service_first_run_time":"13264921254553502","autofill":{"last_version_validated":1,"orphan_rows_removed":true},"blocked_cws_extension_count":0,"bookmark_bar":{"show_on_all_tabs":false},"browser":{"default_browser_setting_enabled":true,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"h
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: us1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.985201"},"policy":{"last_statistics_update":"13264921254244811"},"privacy_budget":{"generation":1,"randomizer_seed":"7292703696600211514"},"profile":{"info_cache":{"Default":{"active_time":1620447664.255391,"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_given_name":"","gaia_id":"","gaia_name":"","is_consented_primary_account":false,"is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":tru
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player"," equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","FPS_BROWSER_APP_PROFILE_STRING=Internet Explorep equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","ISION=5507ProgramData=C:\ProgramDataProgramFilpn equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","\\.\pipe\crashpad_3124_LCESDHZTQULCEWGCCommonPrpR equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","ec=C:\Windows\system32\cmd.exeDriverData=C:\Winp equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","ppData\Local\TempTMP=C:\Users\user\AppData\Locp\| equals www.yahoo.com (Yahoo)
Source: setup.exe, 00000004.00000003.727556981.0000023603A65000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	String found in binary or memory: {"stub":1,"ConversionPixelThrottle":100,"Installed":false,"ntp":"www.mywavehome.net","uc":"20210508","dfn":"Wave Browser","domain":"wavebrowser.co","re_url":"http://","source":"-lp0-bb6-brwsr","user_id":"ff016ddb-5584-4b46-b38e-499f2baf1385","useragent":"BRWSR-GENERIC","adprovider":"appfocus1","implementation_id":"wav","keyword":null,"Branding":"wav","Vertical":"","IpAddress":"50.234.242.107","CampaignId":null,"HasOffersId":null,"AwConversionId":null,"AwAccountNumber":null,"ConversionValue":2.5,"GoogleAnalyticsId":null,"HasOffersTransactionId":null,"ShouldFirePixel":false,"GoogleClickId":null,"seUrl":"https://search.yahoo.com/search?p={searchTerms}","tsj":null,"StubStarted":false} equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: {"stub":1,"ConversionPixelThrottle":100,"Installed":false,"ntp":"www.mywavehome.net","uc":"20210508","dfn":"Wave Browser","domain":"wavebrowser.co","re_url":"http://","source":"-lp0-bb6-brwsr","user_id":"ff016ddb-5584-4b46-b38e-499f2baf1385","useragent":"BRWSR-GENERIC","adprovider":"appfocus1","implementation_id":"wav","keyword":null,"Branding":"wav","Vertical":"","IpAddress":"50.234.242.107","CampaignId":null,"HasOffersId":null,"AwConversionId":null,"AwAccountNumber":null,"ConversionValue":2.5,"GoogleAnalyticsId":null,"HasOffersTransactionId":null,"ShouldFirePixel":false,"GoogleClickId":null,"seUrl":"https://search.yahoo.com/search?p={searchTerms}","tsj":null,"StubStarted":false}SR-GENERIC","adprovideE equals www.yahoo.com (Yahoo)

Source: unknown

DNS traffic detected: queries for: cdn.wavebrowserbase.com

Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://accounts.google.com/
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crx
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: http://code.google.com/p/chromium/issues/entry
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pki.goog/GTS1O1core.crl0
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
Source: wavebrowser.exe, 0000000B.00000003.1730731860.000002B257A4B000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.rootg2.amazontrust.com/rootg2.crl0
Source: wavebrowser.exe, 0000000B.00000003.765752103.000002B255338000.00000004.00000001.sdmp	String found in binary or memory: http://crl.sca1b.amazontrust.com/sca1b.crl
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.sca1b.amazontrust.com/sca1b.crl0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://crls.pki.goog/gts
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: http://crls.pki.goog/gts1c3/fVJxbV-Ktmk.crl0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://crt.F
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: setup.exe, 00000004.00000003.740372829.0000023605961000.00000004.00000001.sdmp	String found in binary or memory: http://crt.rootg2.amazontrust.c
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://crt.rootg2.amazontrust.com/rootg2.cer0=
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://crt.sca1b.amazontrust.com/sca1b.crt0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNDY1QUFXN0xyYXk3alhLdzdZUk9VYkQw
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZmMzQUFXNXo4eEtuSTNiSWgtQVVEaW9x
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/AIN-ljVPluSuHIO4gUFDrjU_6592/AM84yhots0X-1xmR7XgfN7s
Source: wavebrowser.exe, 0000000B.00000002.1782509298.000002B25815C000.00000004.00000001.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw
Source: wavebrowser.exe, 0000000B.00000002.1782509298.000002B25815C000.00000004.00000001.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/YGkwa4MXjfWSuERyWQYP_A_4/aapLKTSZ439A-0g3nqJr3Q
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://docs.google.com/
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://drive.google.com/
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZmMzQUFXNXo4eEtuSTNi
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/Jh_vhqSFpzyp9QNFeobyJw_2021.4.26.1142/OTi
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/VTalr6P9HZbT-DVYB3umiA_92.0.4500.2/Q2DmiS
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://google.com/
Source: setdf.exe, 00000008.00000000.731452554.0000000000406000.00000002.00020000.sdmp	String found in binary or memory: http://kolbi.cz
Source: Wave Browser_cg5vc6cx_.exe, Wave Browser_cg5vc6cx_.exe, 00000000.00000000.670692197.0000000000409000.00000008.00020000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000000.670692197.0000000000409000.00000008.00020000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: wavebrowser.exe, 0000000B.00000003.765752103.000002B255338000.00000004.00000001.sdmp	String found in binary or memory: http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQw
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://o.ss2.us/0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki
Source: wavebrowser.exe, 0000000B.00000003.1730731860.000002B257A4B000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gsr202
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1c301
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1c31.3.6.1.5.5.7.48.2http://pki.goog/repo/certs/gts1c3.der
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1c31.3.6.1.5.5.7.48.2http://pki.goog/repo/certs/gts1c3.der&
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1c31.3.6.1.5.5.7.48.2http://pki.goog/repo/certs/gts1c3.dere
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1c31.3.6.1.5.5.7.48.2http://pki.goog/repo/certs/gts1c3.derk
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1o1core0
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gtsr100
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gtsr11.3.6.1.5.5.7.48.2http://pki.goog/repo/certs/gtsr1.der
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gtsr11.3.6.1.5.5.7.48.2http://pki.goog/repo/certs/gtsr1.derI
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.cF
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.rootg2.amazontrust.com08
Source: wavebrowser.exe, 0000000B.00000003.765752103.000002B255338000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sca1b.amazontrust.com
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sca1b.amazontrust.com06
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://pki.goog/gsr1/gsr1.crt02
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: http://pki.goog/repo/certs/gts1c3.der0
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNDY1QUFXN0xyYXk3alh
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZmMzQUFXNXo4eEtuSTN
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/AIN-ljVPluSuHIO4gUFDrjU_6592/AM84yhots0X
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhhe
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/Jh_vhqSFpzyp9QNFeobyJw_2021.4.26.1142/OT
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/MmoaAqx6EyttFWlQIReJ8w_20210425.37125334
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/SmnnJY4UYJ0c_jp_Z-xA-A_2021.5.8.1/Xlb8zU
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/VTalr6P9HZbT-DVYB3umiA_92.0.4500.2/Q2Dmi
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/YGkwa4MXjfWSuERyWQYP_A_4/aapLKTSZ439A-0g
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/eiM05Tx_uvrJc5zP5ITDnA_9.22.0/AKWRiUwS3E
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://s.ss2.us/r.crl0
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs;
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp	String found in binary or memory: http://update.googleapis.com/service/update2/json
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNDY1QUFXN0xyYXk3alhLdzdZUk9V
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZmMzQUFXNXo4eEtuSTNiSWgtQVVE
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AIN-ljVPluSuHIO4gUFDrjU_6592/AM84yhots0X-1xmR7Xgf
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-L
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/update2/response
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: wavebrowser.exe, 0000000B.00000002.1756997317.000002B2530A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000003.1729336693.000002B257F63000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.ico
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.ico26.7.0_05
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.icooderWakeup6
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.icorms
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://www.youtube.com
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://x.ss2.us/x.cer0&
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/AuthSubRevokeToken
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/ClientLogin
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfoPq
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/GetUserInfo
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/OAuthGetAccessToken
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/OAuthGetAccessTokenbq
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/OAuthWrapBridge
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/ServiceLogin
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/ServiceLoginAuth
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/TokenAuth
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/dfh
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/e
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windowsip
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chromeOq
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth/GetOAuthToken/
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/authJq
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowser.co/
Source: setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowser.co/5
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowser.co/i?ua=%7B%22strt%22%3A%22inst%22%7D%24BRWSR-GENERIC&uid=ff016d
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowser.co/i?ua=%7B%22strt%22%3A%22inst%22%7D%24BRWSR-GENERIC&uid=ff016de-499f2b
Source: setup.exe, 00000004.00000002.741597192.0000023603A4B000.00000004.00000020.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowser.co/i?ua=BRWSR-GENERIC&uid=ff016ddb-5584-4b46-b38e-499f2baf1385&src=-lp0-bb6-
Source: wavebrowser.exe, 0000000B.00000003.1730382497.000002B257F88000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowser.net/i?ap=appfocus1&iid=wav&src=-lp0-bb6-brwsr-inst&sub=20210508&uid=ff016ddb
Source: setup.exe, 00000004.00000003.740979737.0000023605965000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/
Source: setup.exe, 00000004.00000002.741568928.0000023603A2C000.00000004.00000020.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/Bp
Source: setup.exe, 00000004.00000002.741568928.0000023603A2C000.00000004.00000020.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/M
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/
Source: setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp, setup.exe, 00000004.00000002.741648294.0000023603A77000.00000004.00000020.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_
Source: setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_0E
Source: setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_3
Source: setup.exe, 00000004.00000003.740979737.0000023605965000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_C:
Source: setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_son
Source: setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_sonW
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/log/imp/e/chr_offer_declined/d/
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/search/yhs
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/store/user/
Source: setup.exe, 00000004.00000002.741473586.00000236039D0000.00000004.00000020.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/store/user/?id=&iid=wav_Gr
Source: setup.exe, 00000004.00000002.741508731.00000236039FC000.00000004.00000020.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/store/user/?id=&iid=wav_Jr
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	String found in binary or memory: https://apimvinstall-typenobmnoimportnostartprevdefbrowserwidstrtlditismiautwtsqlihttps://api.wavebr
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://apis.google.com
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/entry?template=Safety
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icodA
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.jsdelivr.net/npm/vuetify
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.747186594.0000000000777000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.wavebrowserbase.com/
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.747186594.0000000000777000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.wavebrowserbase.com/D
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.wavebrowserbase.com/tools/setdf.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.wavebrowserbase.com/tools/setdf.exe/SILENTsetup.exewavebrowser.packed.7z
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.wavebrowserbase.com/tools/setdf.exea
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.wavebrowserbase.com/tools/setdf.exev
Source: wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.g
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.g=404
Source: wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.ge.co
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.googl
Source: wavebrowser.exe, 0000000B.00000003.1729336693.000002B257F63000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore.7
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: wavebrowser.exe, 0000000B.00000002.1773373144.000002B2550CF000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore206E5d
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en$
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GB
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GBO
Source: wavebrowser.exe, 0000000B.00000002.1773991509.000002B255219000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GBWeb
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en05
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enShortcut
Source: wavebrowser.exe, 0000000B.00000003.1729895451.000002B2579D8000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enWeb
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enh
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enon.0
Source: wavebrowser.exe, 0000000B.00000002.1773373144.000002B2550CF000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore_info
Source: wavebrowser.exe, 0000000B.00000002.1773373144.000002B2550CF000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstoretaa/
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.googlm/we
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/recordser
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxL
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://clients4.google.com/rappor
Source: wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	String found in binary or memory: https://content-autofill.googleapis.com/
Source: wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	String found in binary or memory: https://content-autofill.googleapis.com/s
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://content.googleapis.com
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	String found in binary or memory: https://crashpad.chromium.org/
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779643181.000002B257B07000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780046818.000002B257C87000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: wavebrowser.exe, 0000000B.00000002.1780046818.000002B257C87000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1Am
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779643181.000002B257B07000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1cache-control:no-cache
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: https://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNDY1QUFXN0xyYXk3alhLdzdZUk9VYkQ
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: https://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZmMzQUFXNXo4eEtuSTNiSWgtQVVEaW9
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/AIN-ljVPluSuHIO4gUFDrjU_6592/AM84yhots0X-1xmR7XgfN7s
Source: wavebrowser.exe, 0000000B.00000002.1782509298.000002B25815C000.00000004.00000001.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/YGkwa4MXjfWSuERyWQYP_A_4/aapLKTSZ439A-0g3nqJr3Q
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/?usp=chrome_app
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/drive/settings
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabixAll
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico64
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/Jh_vhqSFpzyp9QNFeobyJw_2021.4.26.1142/OT
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/VTalr6P9HZbT-DVYB3umiA_92.0.4500.2/Q2Dmi
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://feedback.googleusercontent.com
Source: wavebrowser.exe, 0000000B.00000003.1729336693.000002B257F63000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&command=
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&command=searchTerms
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:100
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis.com/icon?family=Material
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis.com;
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.gstatic.com;
Source: wavebrowser.exe, 0000000F.00000003.777047665.000001E8CBD3A000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/google/material-design-lite
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://goog.com
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://google.com/
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://google.com/revious
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://hangouts.google.com/
Source: setup.exe, 00000004.00000002.741568928.0000023603A2C000.00000004.00000020.sdmp	String found in binary or memory: https://login.live.com
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://mail.google.com/mail
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://mail.google.com/mail/#settings
Source: wavebrowser.exe, 0000000B.00000002.1782575176.000002B258189000.00000004.00000001.sdmp	String found in binary or memory: https://mywavehome.net
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://mywavehome.net/
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://mywavehome.net/(
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://mywavehome.net/I
Source: wavebrowser.exe, 0000000B.00000002.1780046818.000002B257C87000.00000004.00000001.sdmp	String found in binary or memory: https://mywavehome.net/tp//
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetokengq
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://passwords.google.comGoogle
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://payments.google.com/
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: https://pki.goog/repository/0
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AIN-ljVPluSuHIO4gUFDrjU_6592/AM84yhots0
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.16494
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/ALnT6ED-gzbBzhu3Ygv5otc_2629/E1V91Um4UF
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/Jh_vhqSFpzyp9QNFeobyJw_2021.4.26.1142/O
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/MmoaAqx6EyttFWlQIReJ8w_20210425.3712533
Source: wavebrowser.exe, 0000000B.00000002.1779643181.000002B257B07000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/SmnnJY4UYJ0c_jp_Z-xA-A_2021.5.8.1/Xlb8z
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/VTalr6P9HZbT-DVYB3umiA_92.0.4500.2/Q2Dm
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/eiM05Tx_uvrJc5zP5ITDnA_9.22.0/AKWRiUwS3
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://sandbox.google.com/
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.ico
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.ico.2
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icos
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/search?p=
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: https://sectigo.com/CPS0D
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp	String found in binary or memory: https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
Source: wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=blocked
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000003.748897368.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://support.google.com/cloudprint/answer/2541843
Source: wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp	String found in binary or memory: https://ueue.js
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000003.1731473643.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/json
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/jsonX
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/jsonandler
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/jsontor
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.672165292.000000000079B000.00000004.00000001.sdmp	String found in binary or memory: https://wavebrowser.co/about/
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.672165292.000000000079B000.00000004.00000001.sdmp	String found in binary or memory: https://wavebrowser.co/about/.
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	String found in binary or memory: https://wavebrowser.co/privacy/?b=true
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	String found in binary or memory: https://wavebrowser.co/terms/?b=true
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	String found in binary or memory: https://wavebrowser.co/terms/?b=truehttps://wavebrowser.co/privacy/?b=true
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.681643384.00000000007A2000.00000004.00000001.sdmp	String found in binary or memory: https://wavebrowser.co/uninstall/.
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearchFA
Source: wavebrowser.exe, 0000000B.00000003.1730875787.000002B257AC9000.00000004.00000001.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlManaged
Source: wavebrowser.exe, 0000000B.00000003.1729859226.000002B2579CB000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/cloudprint
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://www.google.com/cloudprint#jobs
Source: wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	String found in binary or memory: https://www.google.com/cloudprint/enable_chrome_connector
Source: wavebrowser.exe, 0000000B.00000002.1773373144.000002B2550CF000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/cloudprint/enable_chrome_connectorbut
Source: wavebrowser.exe, 0000000B.00000002.1773373144.000002B2550CF000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/cloudprintC
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNDY1QUFXN0xyYXk3alhLdzdZUk9
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZmMzQUFXNXo4eEtuSTNiSWgtQVV
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/AIN-ljVPluSuHIO4gUFDrjU_6592/AM84yhots0X-1xmR7Xg
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/Jh_vhqSFpzyp9QNFeobyJw_2021.4.26.1142/OTiHLpDMjC
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icos
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com;
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.http
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/S
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwriter
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox0
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfoUq
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://www.gstatic.com
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/config/plugins_3/plugins_win.json
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://www.gstatic.com;
Source: wavebrowser.exe, 0000000B.00000002.1774100618.000002B255225000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000003.1729635403.000002B257F15000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1774100618.000002B255225000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/
Source: setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp, wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	String found in binary or memory: https://www.mywavehome.net/?u=ff016ddb-5584-4b46-b38e-499f2baf1385&i=wav&sub=20210508&mv=true
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/?u=ff016ddb-5584-4b46-b38e-499f2baf1385&i=wav&sub=20210508&mv=true&src=-l
Source: setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp	String found in binary or memory: https://www.mywavehome.net/?u=ff016ddb-5584-4b46-b38e-499f2baf1385&i=wav&sub=20210508&mv=true6ddb-55
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/U
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/Y
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/ash
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/favicon.ico
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/favicon.icoV
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/favicon.icor
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/favicon.icoration
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/s
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://www.w3.gb
Source: wavebrowser.exe, 0000000B.00000002.1779400342.000002B257A94000.00000004.00000001.sdmp	String found in binary or memory: https://www.wavebrowser.co/about/?ext=EnhancedResultSettings
Source: wavebrowser.exe, 0000000B.00000002.1779400342.000002B257A94000.00000004.00000001.sdmp	String found in binary or memory: https://www.wavebrowser.co/about/?ext=HTTPSChecker
Source: wavebrowser.exe, 0000000B.00000003.1729859226.000002B2579CB000.00000004.00000001.sdmp	String found in binary or memory: https://www.wavebrowser.co/about/?ext=WaveMenu
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://www.wavebrowser.co/about/?ext=WaveMenusion
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://www.yahoo.com/favicon.ico
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://www.yahoo.com/favicon.ico58

Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 143.204.209.86:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.11.52:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.81.120:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.81.120:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.109:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.109:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.11.52:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.23.34.82:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.23.34.82:443 -> 192.168.2.4:49799 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Code function: 0_2_004051CF GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004051CF

DDoS:

Source: wavebrowser.exe

Process created: 42

System Summary:

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Code function: 4_2_00007FF6784599AC CreateProcessAsUserW,DestroyEnvironmentBlock,

4_2_00007FF6784599AC

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Code function: 0_2_004031D6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_004031D6

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_00404A0E	0_2_00404A0E
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_004065F6	0_2_004065F6
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678463AA0	4_2_00007FF678463AA0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844E1B0	4_2_00007FF67844E1B0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678447150	4_2_00007FF678447150
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844D940	4_2_00007FF67844D940
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678450160	4_2_00007FF678450160
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678466960	4_2_00007FF678466960
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784B2A00	4_2_00007FF6784B2A00
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678445230	4_2_00007FF678445230
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844A230	4_2_00007FF67844A230
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6785591F0	4_2_00007FF6785591F0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844B1F0	4_2_00007FF67844B1F0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784559E0	4_2_00007FF6784559E0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784B7290	4_2_00007FF6784B7290
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67848EAA0	4_2_00007FF67848EAA0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67847C310	4_2_00007FF67847C310
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678463310	4_2_00007FF678463310
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678445300	4_2_00007FF678445300
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678449330	4_2_00007FF678449330
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67845433D	4_2_00007FF67845433D
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678443B70	4_2_00007FF678443B70
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678456B60	4_2_00007FF678456B60
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678450430	4_2_00007FF678450430
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678464430	4_2_00007FF678464430
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67845F3D0	4_2_00007FF67845F3D0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67846F4A0	4_2_00007FF67846F4A0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678463470	4_2_00007FF678463470
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678444C60	4_2_00007FF678444C60
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784DED10	4_2_00007FF6784DED10
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67846A590	4_2_00007FF67846A590
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844A590	4_2_00007FF67844A590
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67848BDA0	4_2_00007FF67848BDA0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678462DA5	4_2_00007FF678462DA5
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784ED620	4_2_00007FF6784ED620
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784C5DD0	4_2_00007FF6784C5DD0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784445C0	4_2_00007FF6784445C0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784B75F0	4_2_00007FF6784B75F0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678445DF0	4_2_00007FF678445DF0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678613E78	4_2_00007FF678613E78
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678455670	4_2_00007FF678455670
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678464F00	4_2_00007FF678464F00
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678454F30	4_2_00007FF678454F30
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844B720	4_2_00007FF67844B720
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678455EC0	4_2_00007FF678455EC0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678558790	4_2_00007FF678558790
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678449010	4_2_00007FF678449010
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678576800	4_2_00007FF678576800
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784B7FD0	4_2_00007FF6784B7FD0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784B77D0	4_2_00007FF6784B77D0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67855EFF0	4_2_00007FF67855EFF0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784B4050	4_2_00007FF6784B4050
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844C039	4_2_00007FF67844C039
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67845D870	4_2_00007FF67845D870
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67859E850	4_2_00007FF67859E850
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678461910	4_2_00007FF678461910
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844E1B0	5_2_00007FF67844E1B0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678447150	5_2_00007FF678447150
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844D940	5_2_00007FF67844D940
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678450160	5_2_00007FF678450160
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678466960	5_2_00007FF678466960
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784B2A00	5_2_00007FF6784B2A00
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678445230	5_2_00007FF678445230
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844A230	5_2_00007FF67844A230
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6785591F0	5_2_00007FF6785591F0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844B1F0	5_2_00007FF67844B1F0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784559E0	5_2_00007FF6784559E0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784B7290	5_2_00007FF6784B7290
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67848EAA0	5_2_00007FF67848EAA0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678463AA0	5_2_00007FF678463AA0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67847C310	5_2_00007FF67847C310
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678463310	5_2_00007FF678463310
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678445300	5_2_00007FF678445300
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678449330	5_2_00007FF678449330
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678457BA7	5_2_00007FF678457BA7
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67845433D	5_2_00007FF67845433D
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678443B70	5_2_00007FF678443B70
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678456B60	5_2_00007FF678456B60
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678450430	5_2_00007FF678450430
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678464430	5_2_00007FF678464430
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67845F3D0	5_2_00007FF67845F3D0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784ADC90	5_2_00007FF6784ADC90
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67846F4A0	5_2_00007FF67846F4A0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678463470	5_2_00007FF678463470
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678444C60	5_2_00007FF678444C60
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784DED10	5_2_00007FF6784DED10
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784594C0	5_2_00007FF6784594C0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67846A590	5_2_00007FF67846A590
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844A590	5_2_00007FF67844A590
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67848BDA0	5_2_00007FF67848BDA0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678462DA5	5_2_00007FF678462DA5
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784ED620	5_2_00007FF6784ED620
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784C5DD0	5_2_00007FF6784C5DD0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784445C0	5_2_00007FF6784445C0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784B75F0	5_2_00007FF6784B75F0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678445DF0	5_2_00007FF678445DF0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678613E78	5_2_00007FF678613E78
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678455670	5_2_00007FF678455670
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678464F00	5_2_00007FF678464F00
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678454F30	5_2_00007FF678454F30
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844B720	5_2_00007FF67844B720
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678455EC0	5_2_00007FF678455EC0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678558790	5_2_00007FF678558790
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678449010	5_2_00007FF678449010
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844C000	5_2_00007FF67844C000
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678576800	5_2_00007FF678576800
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784B7FD0	5_2_00007FF6784B7FD0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784B77D0	5_2_00007FF6784B77D0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784B4050	5_2_00007FF6784B4050
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67845D870	5_2_00007FF67845D870
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67859E850	5_2_00007FF67859E850
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678461910	5_2_00007FF678461910
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_004026A0	8_2_004026A0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_00402140	8_2_00402140
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_00401FC0	8_2_00401FC0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_00401780	8_2_00401780
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD40A060	12_2_00007FF7DD40A060
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DEA70	12_2_00007FF7DD3DEA70
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3FB460	12_2_00007FF7DD3FB460
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3E2420	12_2_00007FF7DD3E2420
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD416E70	12_2_00007FF7DD416E70
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD40AEE0	12_2_00007FF7DD40AEE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F7F00	12_2_00007FF7DD3F7F00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD403D20	12_2_00007FF7DD403D20
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3FDD20	12_2_00007FF7DD3FDD20
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD40DD30	12_2_00007FF7DD40DD30
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F1D40	12_2_00007FF7DD3F1D40
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD412E00	12_2_00007FF7DD412E00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F0DB0	12_2_00007FF7DD3F0DB0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D3DC0	12_2_00007FF7DD3D3DC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3FCDC0	12_2_00007FF7DD3FCDC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3ECDC0	12_2_00007FF7DD3ECDC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3E4090	12_2_00007FF7DD3E4090
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD40F0C0	12_2_00007FF7DD40F0C0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3E6FE0	12_2_00007FF7DD3E6FE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD40BA80	12_2_00007FF7DD40BA80
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D4A30	12_2_00007FF7DD3D4A30
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F3A27	12_2_00007FF7DD3F3A27
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3EDAE0	12_2_00007FF7DD3EDAE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3ECAF0	12_2_00007FF7DD3ECAF0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D4B00	12_2_00007FF7DD3D4B00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3E9B10	12_2_00007FF7DD3E9B10
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D6950	12_2_00007FF7DD3D6950
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F29E0	12_2_00007FF7DD3F29E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD4299F0	12_2_00007FF7DD4299F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD5369D0	12_2_00007FF7DD5369D0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD527C24	12_2_00007FF7DD527C24
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD53CD04	12_2_00007FF7DD53CD04
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD530C0C	12_2_00007FF7DD530C0C
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DB680	12_2_00007FF7DD3DB680
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3E0690	12_2_00007FF7DD3E0690
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DC580	12_2_00007FF7DD3DC580
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD405550	12_2_00007FF7DD405550
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D55F0	12_2_00007FF7DD3D55F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F1860	12_2_00007FF7DD3F1860
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3FC855	12_2_00007FF7DD3FC855
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DC8E2	12_2_00007FF7DD3DC8E2
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD4B2780	12_2_00007FF7DD4B2780
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD40D740	12_2_00007FF7DD40D740
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3E87A0	12_2_00007FF7DD3E87A0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DD7C0	12_2_00007FF7DD3DD7C0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3FF270	12_2_00007FF7DD3FF270
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3FD250	12_2_00007FF7DD3FD250
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD4032E0	12_2_00007FF7DD4032E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD54E308	12_2_00007FF7DD54E308
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD4442D0	12_2_00007FF7DD4442D0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F01A2	12_2_00007FF7DD3F01A2
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D4460	12_2_00007FF7DD3D4460
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD442450	12_2_00007FF7DD442450
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F14F0	12_2_00007FF7DD3F14F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD4254E0	12_2_00007FF7DD4254E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DE500	12_2_00007FF7DD3DE500
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DB360	12_2_00007FF7DD3DB360
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D3370	12_2_00007FF7DD3D3370
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD527394	12_2_00007FF7DD527394
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DB680	14_2_00007FF7DD3DB680
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F7F00	14_2_00007FF7DD3F7F00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DC580	14_2_00007FF7DD3DC580
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3FDD20	14_2_00007FF7DD3FDD20
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD403D20	14_2_00007FF7DD403D20
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F1D40	14_2_00007FF7DD3F1D40
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D9550	14_2_00007FF7DD3D9550
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D55F0	14_2_00007FF7DD3D55F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD412E00	14_2_00007FF7DD412E00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F0DB0	14_2_00007FF7DD3F0DB0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D3DC0	14_2_00007FF7DD3D3DC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3ECDC0	14_2_00007FF7DD3ECDC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F1860	14_2_00007FF7DD3F1860
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3E4090	14_2_00007FF7DD3E4090
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DC8E2	14_2_00007FF7DD3DC8E2
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD40F0C0	14_2_00007FF7DD40F0C0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD4B2780	14_2_00007FF7DD4B2780
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3E6FE0	14_2_00007FF7DD3E6FE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3E87A0	14_2_00007FF7DD3E87A0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DD7C0	14_2_00007FF7DD3DD7C0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DEA70	14_2_00007FF7DD3DEA70
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD40BA80	14_2_00007FF7DD40BA80
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D4A30	14_2_00007FF7DD3D4A30
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F3A27	14_2_00007FF7DD3F3A27
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3FD250	14_2_00007FF7DD3FD250
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD4032E0	14_2_00007FF7DD4032E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3EDAE0	14_2_00007FF7DD3EDAE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3ECAF0	14_2_00007FF7DD3ECAF0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D4B00	14_2_00007FF7DD3D4B00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3E9B10	14_2_00007FF7DD3E9B10
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD4442D0	14_2_00007FF7DD4442D0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D6950	14_2_00007FF7DD3D6950
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F29E0	14_2_00007FF7DD3F29E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD4299F0	14_2_00007FF7DD4299F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F01A2	14_2_00007FF7DD3F01A2
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD5369D0	14_2_00007FF7DD5369D0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D4460	14_2_00007FF7DD3D4460
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3E2420	14_2_00007FF7DD3E2420
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD53CD04	14_2_00007FF7DD53CD04
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F14F0	14_2_00007FF7DD3F14F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD4254E0	14_2_00007FF7DD4254E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DE500	14_2_00007FF7DD3DE500
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DB360	14_2_00007FF7DD3DB360
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D3370	14_2_00007FF7DD3D3370
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD527394	14_2_00007FF7DD527394
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DB680	15_2_00007FF7DD3DB680
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F7F00	15_2_00007FF7DD3F7F00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DC580	15_2_00007FF7DD3DC580
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3FDD20	15_2_00007FF7DD3FDD20
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD403D20	15_2_00007FF7DD403D20
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F1D40	15_2_00007FF7DD3F1D40
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D9550	15_2_00007FF7DD3D9550
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D55F0	15_2_00007FF7DD3D55F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F3611	15_2_00007FF7DD3F3611
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD412E00	15_2_00007FF7DD412E00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D3DC0	15_2_00007FF7DD3D3DC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3ECDC0	15_2_00007FF7DD3ECDC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F1860	15_2_00007FF7DD3F1860
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3E4090	15_2_00007FF7DD3E4090
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3E9840	15_2_00007FF7DD3E9840
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DC8E0	15_2_00007FF7DD3DC8E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD4B2780	15_2_00007FF7DD4B2780
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3E6FE0	15_2_00007FF7DD3E6FE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DD7C0	15_2_00007FF7DD3DD7C0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DEA70	15_2_00007FF7DD3DEA70
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D4A30	15_2_00007FF7DD3D4A30
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3FD250	15_2_00007FF7DD3FD250
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD4032E0	15_2_00007FF7DD4032E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3EDAE0	15_2_00007FF7DD3EDAE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3ECAF0	15_2_00007FF7DD3ECAF0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D4B00	15_2_00007FF7DD3D4B00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD4442D0	15_2_00007FF7DD4442D0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D6950	15_2_00007FF7DD3D6950
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F29E0	15_2_00007FF7DD3F29E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD4299F0	15_2_00007FF7DD4299F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F01A0	15_2_00007FF7DD3F01A0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD5369D0	15_2_00007FF7DD5369D0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D4460	15_2_00007FF7DD3D4460
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3FAC70	15_2_00007FF7DD3FAC70
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3E2420	15_2_00007FF7DD3E2420
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD53CD04	15_2_00007FF7DD53CD04
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F14F0	15_2_00007FF7DD3F14F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD4254E0	15_2_00007FF7DD4254E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DE500	15_2_00007FF7DD3DE500
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DB362	15_2_00007FF7DD3DB362
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D3370	15_2_00007FF7DD3D3370
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD527394	15_2_00007FF7DD527394

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: String function: 00007FF7DD544390 appears 45 times
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: String function: 00007FF7DD3EC590 appears 70 times

Source: setup.exe.4.dr

Static PE information: Resource name: RT_STRING type: Hitachi SH big-endian COFF executable, not stripped, 49035 sections, symbol offset=0x5480517f, 100672400 symbols, optional header size 55933

Source: wavebrowser.exe.4.dr	Static PE information: Number of sections : 12 > 10
Source: setup.exe.4.dr	Static PE information: Number of sections : 12 > 10

Source: setdf[1].exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: setdf.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: wavebrowser.exe.4.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: wavebrowser.exe.4.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000001.671426985.00000000729E0000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamensResize.dllL vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSetUserFTA.exe6 vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000000.670701815.000000000043B000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameWave Browser: vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamesetup.exeL vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751622339.0000000003FA0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751580791.0000000003F50000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemswsock.dll.muij% vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp	Binary or memory string: ../../base/file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\../../base/files/file_util_win.ccMakeAbsoluteFilePathDeleteFileAfterRebootReplaceFileWPathExistsDirectoryExistsC:\CreateAndOpenTemporaryFileInDir.tmpCreateTemporaryDirInDirCreateNewTempDirectoryCreateDirectoryAndGetErrorGetFileInfoOpenFileWriteFileGetCurrentDirectoryWSetCurrentDirectoryWMoveUnsafeCopyAndDeleteDirectoryDeleteFile.RecursiveDeleteFile.NonRecursiveDeleteFileAndRecordMetricsDoDeleteFileWindows.PostOperationState.Windows.FilesystemError.DoCopyDirectoryDoCopyFile vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751346367.0000000003100000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs Wave Browser_cg5vc6cx_.exe

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal42.spyw.evad.winEXE@80/265@10/19

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

Code function: 12_2_00007FF7DD428670 FormatMessageA,GetLastError,

12_2_00007FF7DD428670

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

0_2_004031D6

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Code function: 0_2_0040449B GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_0040449B

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Code function: 5_2_00007FF6784656A0 GetProcessId,GetLastError,CreateToolhelp32Snapshot,GetLastError,SetLastError,

5_2_00007FF6784656A0

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Code function: 0_2_004020D1 CoCreateInstance,MultiByteToWideChar,

0_2_004020D1

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

File created: C:\Users\user\Wavesor Software

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupExitEventMutex_6209002892563102683
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5860:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupMutex_6209002892563102683

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

File created: C:\Users\user\AppData\Local\Temp\nseBA50.tmp

Jump to behavior

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: wavebrowser.exe, 0000000B.00000003.749027523.000002B2550CE000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','field_info_index','field_info',#1,'CREATE INDEX field_info_index ON field_info (form_signature, field_signature)');z?H
Source: wavebrowser.exe, 0000000B.00000003.749027523.000002B2550CE000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','field_info_index','field_info',#1,'CREATE INDEX field_info_index ON field_info (form_signature, field_signature)');
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	Binary or memory string: SELECT origin_url, action_url, username_element, username_value, password_element, password_value, submit_element, signon_realm, date_created, blacklisted_by_user, scheme, password_type, times_used, form_data, date_synced, display_name, icon_url, federation_url, skip_zero_click, generation_upload_status, possible_username_pairs, id, date_last_used, moving_blocked_for FROM logins WHERE date_created >= ? AND date_created < ? ORDER BY origin_url;

Source: Wave Browser_cg5vc6cx_.exe	String found in binary or memory: "C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z" --do-not-register-for-update-launch --make-chrome-default
Source: Wave Browser_cg5vc6cx_.exe	String found in binary or memory: "C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z" --do-not-register-for-update-launch --make-chrome-default
Source: setup.exe	String found in binary or memory: Jy het nie die gepaste regte vir stelselvlak-installering nie. Probeer om die installeerder weer te laat loop as Administrateur.>
Source: setup.exe	String found in binary or memory: Wala kang naaangkop na mga karapatan para sa pag-install sa antas ng system. Subukan muling patakbuhin ang installer bilang Admini
Source: setup.exe	String found in binary or memory: ../../base/process/launch_win.cc
Source: setup.exe	String found in binary or memory: Jy het nie die gepaste regte vir stelselvlak-installering nie. Probeer om die installeerder weer te laat loop as Administrateur.>
Source: setup.exe	String found in binary or memory: Wala kang naaangkop na mga karapatan para sa pag-install sa antas ng system. Subukan muling patakbuhin ang installer bilang Admini
Source: setup.exe	String found in binary or memory: ../../base/process/launch_win.cc

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

File read: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe 'C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe'
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe 'C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe' --install-archive='C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z' --do-not-register-for-update-launch --make-chrome-default
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe 'C:\Users\user\AppData\Local\Temp\af85ff68-db96-4195-b531-f1a4aee5bead.tmp'
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --prevdefbrowser=2 --install-type=1
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=1796 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5936 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5380 /prefetch:8
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe 'C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe' --install-archive='C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z' --do-not-register-for-update-launch --make-chrome-default	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe 'C:\Users\user\AppData\Local\Temp\af85ff68-db96-4195-b531-f1a4aee5bead.tmp'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --prevdefbrowser=2 --install-type=1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=1796 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5936 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5380 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Window detected: Number of UI elements: 11

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WaveBrowser

Jump to behavior

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: certificate valid

Source: Wave Browser_cg5vc6cx_.exe

Static file information: File size 64298088 > 1048576

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: setup.exe.pdb source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp, setup.exe, 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp
Source:	Binary string: wavebrowser.exe.pdb source: setup.exe, 00000004.00000003.726318035.00000236057B1000.00000004.00000001.sdmp
Source:	Binary string: wavebrowser_proxy.exe.pdb source: setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp

Data Obfuscation:

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: real checksum: 0x3d53908 should be:

Source: wavebrowser.exe.4.dr	Static PE information: section name: .00cfg
Source: wavebrowser.exe.4.dr	Static PE information: section name: .gehcont
Source: wavebrowser.exe.4.dr	Static PE information: section name: .retplne
Source: wavebrowser.exe.4.dr	Static PE information: section name: CPADinfo
Source: wavebrowser.exe.4.dr	Static PE information: section name: _RDATA
Source: setup.exe.4.dr	Static PE information: section name: .00cfg
Source: setup.exe.4.dr	Static PE information: section name: .gehcont
Source: setup.exe.4.dr	Static PE information: section name: .retplne
Source: setup.exe.4.dr	Static PE information: section name: CPADinfo
Source: setup.exe.4.dr	Static PE information: section name: _RDATA

Persistence and Installation Behavior:

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\nsResize.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File created: C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\Installer\setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser_proxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\setdf[1].exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

File created: C:\Users\user\AppData\Local\Temp\wavebrowser_installer.log

Jump to behavior

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

File created: C:\Users\user\AppData\Local\Temp\3124_696802910\LICENSE.txt

Jump to behavior

Boot Survival:

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveBrowser.lnk

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_Bios

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Code function: 4_2_00007FF678447880 rdtsc

4_2_00007FF678447880

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_8-1328

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	API coverage: 9.6 %
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	API coverage: 3.6 %
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	API coverage: 9.9 %
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	API coverage: 0.9 %
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	API coverage: 6.0 %

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\00000409

Jump to behavior

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Model FROM Win32_ComputerSystem
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File Volume queried: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\wasm FullSizeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File Volume queried: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js FullSizeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File Volume queried: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\blob_storage\bc64e454-547f-4a76-aeae-81cc29e6e2b8 FullSizeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File Volume queried: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache FullSizeInformation

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_0040626D FindFirstFileA,FindClose,	0_2_0040626D
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_00405732 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405732
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_004026FE FindFirstFileA,	0_2_004026FE
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67845AC9D FindFirstFileExW,	4_2_00007FF67845AC9D
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67845AC9D FindFirstFileExW,	5_2_00007FF67845AC9D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F425D FindFirstFileExW,	12_2_00007FF7DD3F425D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F425D FindFirstFileExW,	14_2_00007FF7DD3F425D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F425D FindFirstFileExW,	15_2_00007FF7DD3F425D

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: wavebrowser.exe, 0000000B.00000002.1780046818.000002B257C87000.00000004.00000001.sdmp	Binary or memory string: VMware
Source: wavebrowser.exe, 0000000B.00000003.1728741183.000002B25BD6A000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWp
Source: setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW)?
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.747186594.0000000000777000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727556981.0000023603A65000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: wavebrowser.exe, 0000000B.00000003.1728741183.000002B25BD6A000.00000004.00000001.sdmp	Binary or memory string: Yvmware
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

API call chain: ExitProcess graph end node

graph_0-3772

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Found API chain indicative of debugger detection

Show sources

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe

Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep

graph_8-1245

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Code function: 4_2_00007FF678447880 rdtsc

4_2_00007FF678447880

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Code function: 4_2_00007FF67860EB14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

4_2_00007FF67860EB14

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67860EB14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FF67860EB14
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6785FDE28 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FF6785FDE28
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67860EB14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF67860EB14
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6785FDE28 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00007FF6785FDE28
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_00401179 Sleep,Sleep,SetUnhandledExceptionFilter,_acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm,GetStartupInfoA,_initterm,exit,	8_2_00401179
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_00403BDC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	8_2_00403BDC
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_00403BE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	8_2_00403BE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD532534 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_00007FF7DD532534
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD522178 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_00007FF7DD522178
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD532534 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_00007FF7DD532534
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD522178 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_00007FF7DD522178
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD532534 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_00007FF7DD532534
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD522178 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_00007FF7DD522178

HIPS / PFW / Operating System Protection Evasion:

Creates a thread in another existing process (thread injection)

Show sources

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe 'C:\Users\user\AppData\Local\Temp\af85ff68-db96-4195-b531-f1a4aee5bead.tmp'	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=1796 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5936 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5380 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1	Jump to behavior

Source: wavebrowser.exe, 0000000B.00000002.1756834687.000002B251A80000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: wavebrowser.exe, 0000000B.00000002.1756834687.000002B251A80000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: wavebrowser.exe, 0000000B.00000002.1756834687.000002B251A80000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: wavebrowser.exe, 0000000B.00000002.1756834687.000002B251A80000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Queries volume information: C:\Users\user\Wavesor Software\Temp\source3028_1457357344\Chrome-bin\master_preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Queries volume information: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Queries volume information: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\Wavesor Software\WaveBrowser\master_preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\default_apps\external_extensions.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\default_apps\external_extensions.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_1569129693\CRX_INSTALL\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_1413903802\CRX_INSTALL\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_1569129693\CRX_INSTALL\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\_locales\en\messages.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_1413903802\CRX_INSTALL\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extensions\cplonachkpjlngkgbicfcmaelgeojmhe\1.0.1_0\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extensions\cplonachkpjlngkgbicfcmaelgeojmhe\1.0.1_0\img\wav\icon16_disabled.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\_locales\en\messages.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extensions\cmedgpckncgempanpegahopilddagioh\1.0.1_0\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extensions\cmedgpckncgempanpegahopilddagioh\1.0.1_0\_locales\en\messages.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extensions\hjbeoheoghofnhfmppfonmlmdanlmjoc\1.0.2_0\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extensions\hjbeoheoghofnhfmppfonmlmdanlmjoc\1.0.2_0\img\wav\icon16_disabled.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_528200686\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\TrustTokenKeyCommitments\2021.5.8.1\keys.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_1822817589\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_289367033\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_949570790\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\FileTypePolicies\43\download_file_types.pb VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_281591937\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_696802910\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_996831261\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\CertificateRevocation\6592\crl-set VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_630256060\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_1281437563\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\SafetyTips\2629\safety_tips.pb VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_652553750\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\TLSDeprecationConfig\4\tls_deprecation_config.pb VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_974187129\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Crowd Deny\2021.4.26.1142\Preload Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_379039305\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_1864179955\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\ZxcvbnData\1\english_wikipedia.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\ZxcvbnData\1\female_names.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\ZxcvbnData\1\male_names.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\ZxcvbnData\1\passwords.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\ZxcvbnData\1\surnames.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\ZxcvbnData\1\us_tv_and_film.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Bookmarks VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package001021~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MFCore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0018~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package001020~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00117~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0016~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Common-Foundation-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0012~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-RestrictedCodecsCore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Multimedia-MF-avcore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-inetcore-Package~31bf3856ad364e35~amd64~~11.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoBasic-Feature-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Media-Streaming-avcore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EnterpriseClientSync-Host-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0013~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OfflineFiles-UI-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-FCI-Client-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Code function: 4_2_00007FF6785FEE34 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

4_2_00007FF6785FEE34

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe

Code function: 8_2_0040158C GetCurrentProcessId,OpenProcess,OpenProcessToken,malloc,LookupAccountNameA,CheckTokenMembership,

8_2_0040158C

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

0_2_004031D6

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts1	Windows Management Instrumentation121	DLL Search Order Hijacking2	DLL Search Order Hijacking2	Deobfuscate/Decode Files or Information1	OS Credential Dumping1	System Time Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	System Shutdown/Reboot1
Default Accounts	Native API1	Valid Accounts1	Valid Accounts1	Obfuscated Files or Information1	LSASS Memory	Account Discovery1	Remote Desktop Protocol	Data from Local System1	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Command and Scripting Interpreter12	Windows Service1	Access Token Manipulation11	Software Packing1	Security Account Manager	File and Directory Discovery3	SMB/Windows Admin Shares	Clipboard Data1	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Registry Run Keys / Startup Folder1	Windows Service1	DLL Search Order Hijacking2	NTDS	System Information Discovery137	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Process Injection112	Masquerading1	LSA Secrets	Query Registry1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Registry Run Keys / Startup Folder1	Valid Accounts1	Cached Domain Credentials	Security Software Discovery151	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Virtualization/Sandbox Evasion13	DCSync	Virtualization/Sandbox Evasion13	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Access Token Manipulation11	Proc Filesystem	Process Discovery3	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Process Injection112	/etc/passwd and /etc/shadow	System Owner/User Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	Remote System Discovery1	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Wave Browser_cg5vc6cx_.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

AV Detection:

Privilege Escalation:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

DDoS:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails