Play interactive tour

Edit tour

Analysis Report Wave Browser_cg5vc6cx_.exe

Overview

General Information

Sample Name:	Wave Browser_cg5vc6cx_.exe
Analysis ID:	407799
MD5:	5d999339f21d3a6b4ee9726874d6fbc5
SHA1:	a8dcf803b4a15d0fb5dde36dbee571d2f3fa53b0
SHA256:	33111d45c6e463b267685b51faefb49565d3e517a30940338e285c52e019e1a6
Infos:
Most interesting Screenshot:

Detection

Score:	42
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	21
Range:	0 - 100

Signatures

Creates a thread in another existing process (thread injection)

Found API chain indicative of debugger detection

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Antivirus or Machine Learning detection for unpacked file

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to launch a process as a different user

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

DLL planting / hijacking vulnerabilities found

Detected potential crypto function

Drops PE files

EXE planting / hijacking vulnerabilities found

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file contains strange resources

Queries keyboard layouts

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Too many similar processes found

Uses 32bit PE files

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Startup

System is w10x64

Wave Browser_cg5vc6cx_.exe (PID: 6284 cmdline: 'C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe' MD5: 5D999339F21D3A6B4EE9726874D6FBC5)

setup.exe (PID: 3028 cmdline: 'C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe' --install-archive='C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z' --do-not-register-for-update-launch --make-chrome-default MD5: C0364BBC1A78CE97482F4A0B0DDBAD08)

setup.exe (PID: 7124 cmdline: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0 MD5: C0364BBC1A78CE97482F4A0B0DDBAD08)

setdf.exe (PID: 7108 cmdline: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe 'C:\Users\user\AppData\Local\Temp\af85ff68-db96-4195-b531-f1a4aee5bead.tmp' MD5: 6573AEE829B967E22C3B984DF199250B)

conhost.exe (PID: 5860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

wavebrowser.exe (PID: 3124 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --prevdefbrowser=2 --install-type=1 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 4928 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6748 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 7032 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=1796 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 7072 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 1376 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6800 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6492 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 4296 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6840 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 7012 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 5524 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 2088 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6456 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6864 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6828 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 5588 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 4944 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 6548 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 5088 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5936 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

wavebrowser.exe (PID: 7016 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5380 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Source: 0.1.Wave Browser_cg5vc6cx_.exe.729e0000.2.unpack	Avira: Label: TR/Crypt.XPACK.Gen7
Source: 0.1.Wave Browser_cg5vc6cx_.exe.729e0000.1.unpack	Avira: Label: TR/Crypt.XPACK.Gen7

Privilege Escalation:

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: WINSTA.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: LINKINFO.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: WTSAPI32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: CompPkgSup.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: DMCmnUtils.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: VERSION.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: dxva2.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: dwmapi.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mfplat.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: MDMRegistration.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: DEVOBJ.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: CRYPTBASE.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: ColorAdapterClient.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: NTASN1.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: evr.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: D3DCompiler_47.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: DCIMAN32.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mfperfhelper.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mscms.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: dxgi.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: RTWorkQ.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: OLEACC.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: KBDUS.DLL	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msauddecmft.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msmpeg2vdec.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msvproc.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mf.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: ddraw.dll

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	EXE: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	EXE: C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\Installer\setup.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	EXE: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser_proxy.exe	Jump to behavior

Compliance:

DLL planting / hijacking vulnerabilities found

Show sources

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: WINSTA.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: LINKINFO.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: WTSAPI32.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: CompPkgSup.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: DMCmnUtils.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: VERSION.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: dxva2.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: dwmapi.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mfplat.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: MDMRegistration.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: DEVOBJ.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: CRYPTBASE.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: ColorAdapterClient.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: NTASN1.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: evr.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: D3DCompiler_47.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: DCIMAN32.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mfperfhelper.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mscms.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: dxgi.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: RTWorkQ.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: OLEACC.dll	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: KBDUS.DLL	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msauddecmft.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msmpeg2vdec.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: msvproc.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: mf.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	DLL: ddraw.dll

EXE planting / hijacking vulnerabilities found

Show sources

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	EXE: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	EXE: C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\Installer\setup.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	EXE: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser_proxy.exe	Jump to behavior

Uses 32bit PE files

Show sources

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Creates a software uninstall entry

Show sources

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WaveBrowser

Jump to behavior

Creates install or setup log file

Show sources

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

File created: C:\Users\user\AppData\Local\Temp\wavebrowser_installer.log

Jump to behavior

Creates license or readme file

Show sources

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

File created: C:\Users\user\AppData\Local\Temp\3124_696802910\LICENSE.txt

Jump to behavior

PE / OLE file has a valid certificate

Show sources

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: certificate valid

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 143.204.209.86:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.11.52:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.81.120:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.81.120:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.109:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.109:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.11.52:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.23.34.82:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.23.34.82:443 -> 192.168.2.4:49799 version: TLS 1.2

Contains modern PE file flags such as dynamic base (ASLR) or NX

Show sources

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Binary contains paths to debug symbols

Show sources

Source:	Binary string: setup.exe.pdb source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp, setup.exe, 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp
Source:	Binary string: wavebrowser.exe.pdb source: setup.exe, 00000004.00000003.726318035.00000236057B1000.00000004.00000001.sdmp
Source:	Binary string: wavebrowser_proxy.exe.pdb source: setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp

Spreading:

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_0040626D FindFirstFileA,FindClose,	0_2_0040626D
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_00405732 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405732
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_004026FE FindFirstFileA,	0_2_004026FE
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67845AC9D FindFirstFileExW,	4_2_00007FF67845AC9D
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67845AC9D FindFirstFileExW,	5_2_00007FF67845AC9D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F425D FindFirstFileExW,	12_2_00007FF7DD3F425D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F425D FindFirstFileExW,	14_2_00007FF7DD3F425D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F425D FindFirstFileExW,	15_2_00007FF7DD3F425D

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Networking:

Source: Joe Sandbox View

IP Address: 151.101.2.109 151.101.2.109

Source: Joe Sandbox View	JA3 fingerprint: b32309a26951912be7dba376398abc3b
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.19.115
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.19.115
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.19.115
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown	TCP traffic detected without corresponding DNS query: 151.101.2.109

Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: !-us1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.985201"},"policy":{"last_statistics_update":"13264921254244811"},"privacy_budget":{"generation":1,"randomizer_seed":"7292703696600211514"},"profile":{"info_cache":{"Default":{"active_time":1620447664.255391,"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_given_name":"","gaia_id":"","gaia_name":"","is_consented_primary_account":false,"is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":t
Source: setup.exe, 00000004.00000002.741629920.0000023603A65000.00000004.00000020.sdmp	String found in binary or memory: ":"www.mywavehome.net","uc":"20210508","dfn":"Wave Browser","domain":"wavebrowser.co","re_url":"http://","source":"-lp0-bb6-brwsr","user_id":"ff016ddb-5584-4b46-b38e-499f2baf1385","useragent":"BRWSR-GENERIC","adprovider":"appfocus1","implementation_id":"wav","keyword":null,"Branding":"wav","Vertical":"","IpAddress":"50.234.242.107","CampaignId":null,"HasOffersId":null,"AwConversionId":null,"AwAccountNumber":null,"ConversionValue":2.5,"GoogleAnalyticsId":null,"HasOffersTransactionId":null,"ShouldFirePixel":false,"GoogleClickId":null,"seUrl":"https://search.yahoo.com/search?p={searchTerms}","tsj":null,"StubStarted":false} equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1781626022.000002B257FCA000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version infor
Source: wavebrowser.exe, 0000000B.00000002.1781626022.000002B257FCA000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version infor
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version infor
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version infor
Source: wavebrowser.exe, 0000000B.00000003.1733868705.000002B25804E000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"
Source: wavebrowser.exe, 0000000B.00000003.1733868705.000002B25804E000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"
Source: wavebrowser.exe, 0000000B.00000003.1733868705.000002B25804E000.00000004.00000001.sdmp	String found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"
Source: setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp	String found in binary or memory: //www.yahoo.com/favicon. "id"X* equals www.yahoo.com (Yahoo)
Source: setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp	String found in binary or memory: //www.yahoo.com/favicon. equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: 7d_bypolicy":false,"avicon_url":"htp://www.yahoo.c equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1781626022.000002B257FCA000.00000004.00000001.sdmp	String found in binary or memory: 9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_c
Source: wavebrowser.exe, 0000000B.00000002.1781626022.000002B257FCA000.00000004.00000001.sdmp	String found in binary or memory: 9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_c
Source: wavebrowser.exe, 0000000B.00000002.1781626022.000002B257FCA000.00000004.00000001.sdmp	String found in binary or memory: 9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_c
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: 9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_c
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: 9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_c
Source: wavebrowser.exe, 0000000B.00000003.1733803466.000002B258044000.00000004.00000001.sdmp	String found in binary or memory: :0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.985201"},"pol
Source: wavebrowser.exe, 0000000B.00000003.1733868705.000002B25804E000.00000004.00000001.sdmp	String found in binary or memory: :0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.985201"},"pol
Source: wavebrowser.exe, 0000000B.00000003.1733803466.000002B258044000.00000004.00000001.sdmp	String found in binary or memory: :0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.985201"},"pol
Source: wavebrowser.exe, 0000000B.00000003.1733868705.000002B25804E000.00000004.00000001.sdmp	String found in binary or memory: :0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.985201"},"pol
Source: wavebrowser.exe, 0000000B.00000003.1729302764.000002B257F3C000.00000004.00000001.sdmp	String found in binary or memory: b\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_check_data":{},"sensors":{},"serial_chooser_data":{},"serial_guard":{},"site_engagement":{},"sound":{},"ssl_cert_decisions":{},"storage_access":{},"subresource_filter":{},"subresource_filter_data":{},"usb_chooser_data":{},"usb_guard":{},"vr":{},"window_placement":{}},"pref_version":1},"created_by_version":"1.1.0.7","creat\ equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729302764.000002B257F3C000.00000004.00000001.sdmp	String found in binary or memory: b\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_check_data":{},"sensors":{},"serial_chooser_data":{},"serial_guard":{},"site_engagement":{},"sound":{},"ssl_cert_decisions":{},"storage_access":{},"subresource_filter":{},"subresource_filter_data":{},"usb_chooser_data":{},"usb_guard":{},"vr":{},"window_placement":{}},"pref_version":1},"created_by_version":"1.1.0.7","creat\??\pipe\chrome. equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729302764.000002B257F3C000.00000004.00000001.sdmp	String found in binary or memory: b\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_check_data":{},"sensors":{},"serial_chooser_data":{},"serial_guard":{},"site_engagement":{},"sound":{},"ssl_cert_decisions":{},"storage_access":{},"subresource_filter":{},"subresource_filter_data":{},"usb_chooser_data":{},"usb_guard":{},"vr":{},"window_placement":{}},"pref_version":1},"created_by_version":"1.1.0.7","creat\??\pipe\chrome~ equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729302764.000002B257F3C000.00000004.00000001.sdmp	String found in binary or memory: b\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"hid_guard":{},"idle_detection":{},"images":{},"important_site_info":{},"insecure_private_network":{},"installed_web_app_metadata":{},"intent_picker_auto_display":{},"javascript":{},"legacy_cookie_access":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi_sysex":{},"mixed_script":{},"nfc":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"ppapi_broker":{},"protocol_handler":{},"safe_browsing_url_check_data":{},"sensors":{},"serial_chooser_data":{},"serial_guard":{},"site_engagement":{},"sound":{},"ssl_cert_decisions":{},"storage_access":{},"subresource_filter":{},"subresource_filter_data":{},"usb_chooser_data":{},"usb_guard":{},"vr":{},"window_placement":{}},"pref_version":1},"created_by_version":"1.1.0.7","creat\??\pipe\chrome~fbAQw2Z equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: e_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html"," equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: e_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","p equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: h.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.98520
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: h.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.98520
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: h.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.98520
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: h.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.98520
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: h.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.98520
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.ico equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.ico26.7.0_05 equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.icooderWakeup6 equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.icorms} equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://www.youtube.com equals www.youtube.com (Youtube)
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://www.yahoo.com/favicon.ico equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://www.yahoo.com/favicon.ico58 equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: in"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do notE equals www.facebook.com (Facebook)
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: n_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: n_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: p://www.yahoo.c equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: r":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name
Source: wavebrowser.exe, 0000000B.00000003.1729336693.000002B257F63000.00000004.00000001.sdmp	String found in binary or memory: r":{"show_home_button":true},"default_search_provider_data":{"template_url_data":{"alternate_urls":[],"contextual_search_url":"","created_by_policy":false,"created_from_play_api":false,"date_created":"13264921254314996","doodle_url":"","favicon_url":"http://www.yahoo.com/favicon.ico","id":"3","image_url":"","image_url_post_params":"","input_encodings":["UTF-8"],"keyword":"wavebrowser search","last_modified":"13264921254314996","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","prepopulate_id":26,"safe_for_autoreplace":true,"search_url_post_params":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_url_post_params":"","synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e","url":"https://search.yahoo.com/search?p={searchTerms}","usage_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13264921254555572","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for WaveBrowser.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","permissions":["webstorePrivate","management","system.cpu","system.display","system.memory","system.network","system.storage"],"version":"0.2"},"needs_sync":true,"page_ordinal":"n","path":"C:\\Users\\user\\Wavesor Software\\WaveBrowser\\1.1.0.7\\resources\\web_store","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"cmedgpckncgempanpegahopilddagioh":{"ack_external":true,"lastpingday":"13264844401427237"},"cplonachkpjlngkgbicfcmaelgeojmhe":{"ack_external":true,"lastpingday":"13264844401427237"},"hjbeoheoghofnhfmppfonmlmdanlmjoc":{"ack_external":true,"lastpingday":"13264844401427237"},"kmendfapggjehodndflmmgagdbamhnfd":{"active_permissions":{"api":["cryptotokenPrivate","externally_connectable.all_urls","tabs"],"explicit_host":["http:///","https:///"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["runtime.onConnectExternal"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13264921254561511","location":5,"manifest":{"background":{"persistent":fals
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: tion_service_first_run_time":"13264921254553502","autocomplete":{"retention_policy_last_version":1},"autofill":{"last_version_validated":1,"orphan_rows_removed":true},"blocked_cws_extension_count":0,"bookmark_bar":{"show_on_all_tabs":false},"browser":{"default_browser_setting_enabled":true,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory"
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: tion_service_first_run_time":"13264921254553502","autocomplete":{"retention_policy_last_version":1},"autofill":{"last_version_validated":1,"orphan_rows_removed":true},"blocked_cws_extension_count":0,"bookmark_bar":{"show_on_all_tabs":false},"browser":{"default_browser_setting_enabled":true,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory"
Source: wavebrowser.exe, 0000000B.00000002.1774493986.000002B2552C3000.00000004.00000001.sdmp	String found in binary or memory: tion_service_first_run_time":"13264921254553502","autofill":{"last_version_validated":1,"orphan_rows_removed":true},"blocked_cws_extension_count":0,"bookmark_bar":{"show_on_all_tabs":false},"browser":{"default_browser_setting_enabled":true,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"h
Source: wavebrowser.exe, 0000000B.00000002.1774493986.000002B2552C3000.00000004.00000001.sdmp	String found in binary or memory: tion_service_first_run_time":"13264921254553502","autofill":{"last_version_validated":1,"orphan_rows_removed":true},"blocked_cws_extension_count":0,"bookmark_bar":{"show_on_all_tabs":false},"browser":{"default_browser_setting_enabled":true,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newtab/"],"gaia_cookie":{"changed_time":1620447659.708146,"hash":"2jmj7l5rSw0yVb/vlWAYkK/YBwk=","last_list_accounts_data":"[\"gaia.l.a.r\",[]\n]\n"},"gcm":{"product_category_for_subtypes":"com.wavebrowser.windows"},"google":{"services":{"signin_scoped_device_id":"ae399503-a80d-4ec9-b013-29034b8a70ae"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","media":{"device_id_salt":"ACDCF2486947A4E14B7F2EBA362C8FB0","engagement":{"schema_version":4}},"media_router":{"receiver_id_hash_token":"LrKOBmqgEfkrdow20/96s67pNMQpHNyoqpJwCASkFnWUaBC66h72Saj1jGbyqsHuv8aop1LCNd+cI5xwyAPRuw=="},"plugins":{"plugins_list":[]},"previews":{"litepage":{"user-needs-notification":false}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"enable_quiet_permission_ui_enabling_method":{"notifications":1},"exceptions":{"accessibility_events":{},"app_banner":{},"ar":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_chooser_data":{},"bluetooth_guard":{},"bluetooth_scanning":{},"camera_pan_tilt_zoom":{},"client_hints":{},"clipboard":{},"cookies":{},"durable_storage":{},"file_system_last_picked_directory":{},"file_system_read_guard":{},"file_system_write_guard":{},"font_access":{},"geolocation":{},"hid_chooser_data":{},"h
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: us1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"Chromium PDF Viewer","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"Chromium PDF Plugin","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"x-version":62},"resource_cache_update":"1620447717.985201"},"policy":{"last_statistics_update":"13264921254244811"},"privacy_budget":{"generation":1,"randomizer_seed":"7292703696600211514"},"profile":{"info_cache":{"Default":{"active_time":1620447664.255391,"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_given_name":"","gaia_id":"","gaia_name":"","is_consented_primary_account":false,"is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":tru
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player"," equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","FPS_BROWSER_APP_PROFILE_STRING=Internet Explorep equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","ISION=5507ProgramData=C:\ProgramDataProgramFilpn equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","\\.\pipe\crashpad_3124_LCESDHZTQULCEWGCCommonPrpR equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","ec=C:\Windows\system32\cmd.exeDriverData=C:\Winp equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"Shockwave Flash","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","ppData\Local\TempTMP=C:\Users\user\AppData\Locp\| equals www.yahoo.com (Yahoo)
Source: setup.exe, 00000004.00000003.727556981.0000023603A65000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	String found in binary or memory: {"stub":1,"ConversionPixelThrottle":100,"Installed":false,"ntp":"www.mywavehome.net","uc":"20210508","dfn":"Wave Browser","domain":"wavebrowser.co","re_url":"http://","source":"-lp0-bb6-brwsr","user_id":"ff016ddb-5584-4b46-b38e-499f2baf1385","useragent":"BRWSR-GENERIC","adprovider":"appfocus1","implementation_id":"wav","keyword":null,"Branding":"wav","Vertical":"","IpAddress":"50.234.242.107","CampaignId":null,"HasOffersId":null,"AwConversionId":null,"AwAccountNumber":null,"ConversionValue":2.5,"GoogleAnalyticsId":null,"HasOffersTransactionId":null,"ShouldFirePixel":false,"GoogleClickId":null,"seUrl":"https://search.yahoo.com/search?p={searchTerms}","tsj":null,"StubStarted":false} equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: {"stub":1,"ConversionPixelThrottle":100,"Installed":false,"ntp":"www.mywavehome.net","uc":"20210508","dfn":"Wave Browser","domain":"wavebrowser.co","re_url":"http://","source":"-lp0-bb6-brwsr","user_id":"ff016ddb-5584-4b46-b38e-499f2baf1385","useragent":"BRWSR-GENERIC","adprovider":"appfocus1","implementation_id":"wav","keyword":null,"Branding":"wav","Vertical":"","IpAddress":"50.234.242.107","CampaignId":null,"HasOffersId":null,"AwConversionId":null,"AwAccountNumber":null,"ConversionValue":2.5,"GoogleAnalyticsId":null,"HasOffersTransactionId":null,"ShouldFirePixel":false,"GoogleClickId":null,"seUrl":"https://search.yahoo.com/search?p={searchTerms}","tsj":null,"StubStarted":false}SR-GENERIC","adprovideE equals www.yahoo.com (Yahoo)

Source: unknown

DNS traffic detected: queries for: cdn.wavebrowserbase.com

Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://accounts.google.com/
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crx
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: http://code.google.com/p/chromium/issues/entry
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pki.goog/GTS1O1core.crl0
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
Source: wavebrowser.exe, 0000000B.00000003.1730731860.000002B257A4B000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.rootg2.amazontrust.com/rootg2.crl0
Source: wavebrowser.exe, 0000000B.00000003.765752103.000002B255338000.00000004.00000001.sdmp	String found in binary or memory: http://crl.sca1b.amazontrust.com/sca1b.crl
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.sca1b.amazontrust.com/sca1b.crl0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://crls.pki.goog/gts
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: http://crls.pki.goog/gts1c3/fVJxbV-Ktmk.crl0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://crt.F
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: setup.exe, 00000004.00000003.740372829.0000023605961000.00000004.00000001.sdmp	String found in binary or memory: http://crt.rootg2.amazontrust.c
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://crt.rootg2.amazontrust.com/rootg2.cer0=
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://crt.sca1b.amazontrust.com/sca1b.crt0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNDY1QUFXN0xyYXk3alhLdzdZUk9VYkQw
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZmMzQUFXNXo4eEtuSTNiSWgtQVVEaW9x
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/AIN-ljVPluSuHIO4gUFDrjU_6592/AM84yhots0X-1xmR7XgfN7s
Source: wavebrowser.exe, 0000000B.00000002.1782509298.000002B25815C000.00000004.00000001.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw
Source: wavebrowser.exe, 0000000B.00000002.1782509298.000002B25815C000.00000004.00000001.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/YGkwa4MXjfWSuERyWQYP_A_4/aapLKTSZ439A-0g3nqJr3Q
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://docs.google.com/
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://drive.google.com/
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZmMzQUFXNXo4eEtuSTNi
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/Jh_vhqSFpzyp9QNFeobyJw_2021.4.26.1142/OTi
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/VTalr6P9HZbT-DVYB3umiA_92.0.4500.2/Q2DmiS
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://google.com/
Source: setdf.exe, 00000008.00000000.731452554.0000000000406000.00000002.00020000.sdmp	String found in binary or memory: http://kolbi.cz
Source: Wave Browser_cg5vc6cx_.exe, Wave Browser_cg5vc6cx_.exe, 00000000.00000000.670692197.0000000000409000.00000008.00020000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000000.670692197.0000000000409000.00000008.00020000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: wavebrowser.exe, 0000000B.00000003.765752103.000002B255338000.00000004.00000001.sdmp	String found in binary or memory: http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQw
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://o.ss2.us/0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki
Source: wavebrowser.exe, 0000000B.00000003.1730731860.000002B257A4B000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gsr202
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1c301
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1c31.3.6.1.5.5.7.48.2http://pki.goog/repo/certs/gts1c3.der
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1c31.3.6.1.5.5.7.48.2http://pki.goog/repo/certs/gts1c3.der&
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1c31.3.6.1.5.5.7.48.2http://pki.goog/repo/certs/gts1c3.dere
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1c31.3.6.1.5.5.7.48.2http://pki.goog/repo/certs/gts1c3.derk
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gts1o1core0
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gtsr100
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gtsr11.3.6.1.5.5.7.48.2http://pki.goog/repo/certs/gtsr1.der
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.pki.goog/gtsr11.3.6.1.5.5.7.48.2http://pki.goog/repo/certs/gtsr1.derI
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.cF
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.rootg2.amazontrust.com08
Source: wavebrowser.exe, 0000000B.00000003.765752103.000002B255338000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sca1b.amazontrust.com
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sca1b.amazontrust.com06
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://pki.goog/gsr1/gsr1.crt02
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: http://pki.goog/repo/certs/gts1c3.der0
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNDY1QUFXN0xyYXk3alh
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZmMzQUFXNXo4eEtuSTN
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/AIN-ljVPluSuHIO4gUFDrjU_6592/AM84yhots0X
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhhe
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/Jh_vhqSFpzyp9QNFeobyJw_2021.4.26.1142/OT
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/MmoaAqx6EyttFWlQIReJ8w_20210425.37125334
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/SmnnJY4UYJ0c_jp_Z-xA-A_2021.5.8.1/Xlb8zU
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/VTalr6P9HZbT-DVYB3umiA_92.0.4500.2/Q2Dmi
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/YGkwa4MXjfWSuERyWQYP_A_4/aapLKTSZ439A-0g
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/eiM05Tx_uvrJc5zP5ITDnA_9.22.0/AKWRiUwS3E
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://s.ss2.us/r.crl0
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs;
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp	String found in binary or memory: http://update.googleapis.com/service/update2/json
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNDY1QUFXN0xyYXk3alhLdzdZUk9V
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZmMzQUFXNXo4eEtuSTNiSWgtQVVE
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AIN-ljVPluSuHIO4gUFDrjU_6592/AM84yhots0X-1xmR7Xgf
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-L
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/update2/response
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: wavebrowser.exe, 0000000B.00000002.1756997317.000002B2530A0000.00000002.00000001.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000003.1729336693.000002B257F63000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.ico
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.ico26.7.0_05
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.icooderWakeup6
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: http://www.yahoo.com/favicon.icorms
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: http://www.youtube.com
Source: wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: http://x.ss2.us/x.cer0&
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/AuthSubRevokeToken
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/ClientLogin
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfoPq
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/GetUserInfo
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/OAuthGetAccessToken
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/OAuthGetAccessTokenbq
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/OAuthWrapBridge
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/ServiceLogin
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/ServiceLoginAuth
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/TokenAuth
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/dfh
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/e
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windowsip
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chromeOq
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth/GetOAuthToken/
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/authJq
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowser.co/
Source: setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowser.co/5
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowser.co/i?ua=%7B%22strt%22%3A%22inst%22%7D%24BRWSR-GENERIC&uid=ff016d
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowser.co/i?ua=%7B%22strt%22%3A%22inst%22%7D%24BRWSR-GENERIC&uid=ff016de-499f2b
Source: setup.exe, 00000004.00000002.741597192.0000023603A4B000.00000004.00000020.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowser.co/i?ua=BRWSR-GENERIC&uid=ff016ddb-5584-4b46-b38e-499f2baf1385&src=-lp0-bb6-
Source: wavebrowser.exe, 0000000B.00000003.1730382497.000002B257F88000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowser.net/i?ap=appfocus1&iid=wav&src=-lp0-bb6-brwsr-inst&sub=20210508&uid=ff016ddb
Source: setup.exe, 00000004.00000003.740979737.0000023605965000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/
Source: setup.exe, 00000004.00000002.741568928.0000023603A2C000.00000004.00000020.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/Bp
Source: setup.exe, 00000004.00000002.741568928.0000023603A2C000.00000004.00000020.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/M
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/
Source: setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp, setup.exe, 00000004.00000002.741648294.0000023603A77000.00000004.00000020.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_
Source: setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_0E
Source: setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_3
Source: setup.exe, 00000004.00000003.740979737.0000023605965000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_C:
Source: setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_son
Source: setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_sonW
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/log/imp/e/chr_offer_declined/d/
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/search/yhs
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/store/user/
Source: setup.exe, 00000004.00000002.741473586.00000236039D0000.00000004.00000020.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/store/user/?id=&iid=wav_Gr
Source: setup.exe, 00000004.00000002.741508731.00000236039FC000.00000004.00000020.sdmp	String found in binary or memory: https://api.wavebrowserbase.com/store/user/?id=&iid=wav_Jr
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	String found in binary or memory: https://apimvinstall-typenobmnoimportnostartprevdefbrowserwidstrtlditismiautwtsqlihttps://api.wavebr
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://apis.google.com
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/entry?template=Safety
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icodA
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.jsdelivr.net/npm/vuetify
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.747186594.0000000000777000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.wavebrowserbase.com/
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.747186594.0000000000777000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.wavebrowserbase.com/D
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.wavebrowserbase.com/tools/setdf.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.wavebrowserbase.com/tools/setdf.exe/SILENTsetup.exewavebrowser.packed.7z
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.wavebrowserbase.com/tools/setdf.exea
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.wavebrowserbase.com/tools/setdf.exev
Source: wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.g
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.g=404
Source: wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.ge.co
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.googl
Source: wavebrowser.exe, 0000000B.00000003.1729336693.000002B257F63000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore.7
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: wavebrowser.exe, 0000000B.00000002.1773373144.000002B2550CF000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore206E5d
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en$
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GB
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GBO
Source: wavebrowser.exe, 0000000B.00000002.1773991509.000002B255219000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GBWeb
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en05
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enShortcut
Source: wavebrowser.exe, 0000000B.00000003.1729895451.000002B2579D8000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enWeb
Source: wavebrowser.exe, 0000000B.00000003.1729109466.000002B25BAC1000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enh
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enon.0
Source: wavebrowser.exe, 0000000B.00000002.1773373144.000002B2550CF000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstore_info
Source: wavebrowser.exe, 0000000B.00000002.1773373144.000002B2550CF000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.google.com/webstoretaa/
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: https://chrome.googlm/we
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/recordser
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crxL
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://clients4.google.com/rappor
Source: wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	String found in binary or memory: https://content-autofill.googleapis.com/
Source: wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	String found in binary or memory: https://content-autofill.googleapis.com/s
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://content.googleapis.com
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	String found in binary or memory: https://crashpad.chromium.org/
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779643181.000002B257B07000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780046818.000002B257C87000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: wavebrowser.exe, 0000000B.00000002.1780046818.000002B257C87000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1Am
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779643181.000002B257B07000.00000004.00000001.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1cache-control:no-cache
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: https://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNDY1QUFXN0xyYXk3alhLdzdZUk9VYkQ
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: https://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZmMzQUFXNXo4eEtuSTNiSWgtQVVEaW9
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/AIN-ljVPluSuHIO4gUFDrjU_6592/AM84yhots0X-1xmR7XgfN7s
Source: wavebrowser.exe, 0000000B.00000002.1782509298.000002B25815C000.00000004.00000001.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/YGkwa4MXjfWSuERyWQYP_A_4/aapLKTSZ439A-0g3nqJr3Q
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://docs.google.com/
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/?usp=chrome_app
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://drive.google.com/drive/settings
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabixAll
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico64
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/Jh_vhqSFpzyp9QNFeobyJw_2021.4.26.1142/OT
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/VTalr6P9HZbT-DVYB3umiA_92.0.4500.2/Q2Dmi
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://feedback.googleusercontent.com
Source: wavebrowser.exe, 0000000B.00000003.1729336693.000002B257F63000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&command=
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&command=searchTerms
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:100
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis.com/icon?family=Material
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.googleapis.com;
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://fonts.gstatic.com;
Source: wavebrowser.exe, 0000000F.00000003.777047665.000001E8CBD3A000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/google/material-design-lite
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://goog.com
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://google.com/
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://google.com/revious
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://hangouts.google.com/
Source: setup.exe, 00000004.00000002.741568928.0000023603A2C000.00000004.00000020.sdmp	String found in binary or memory: https://login.live.com
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://mail.google.com/mail
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://mail.google.com/mail/#settings
Source: wavebrowser.exe, 0000000B.00000002.1782575176.000002B258189000.00000004.00000001.sdmp	String found in binary or memory: https://mywavehome.net
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://mywavehome.net/
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://mywavehome.net/(
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://mywavehome.net/I
Source: wavebrowser.exe, 0000000B.00000002.1780046818.000002B257C87000.00000004.00000001.sdmp	String found in binary or memory: https://mywavehome.net/tp//
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetokengq
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://passwords.google.comGoogle
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://payments.google.com/
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: https://pki.goog/repository/0
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AIN-ljVPluSuHIO4gUFDrjU_6592/AM84yhots0
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.16494
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/ALnT6ED-gzbBzhu3Ygv5otc_2629/E1V91Um4UF
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/Jh_vhqSFpzyp9QNFeobyJw_2021.4.26.1142/O
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/MmoaAqx6EyttFWlQIReJ8w_20210425.3712533
Source: wavebrowser.exe, 0000000B.00000002.1779643181.000002B257B07000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/SmnnJY4UYJ0c_jp_Z-xA-A_2021.5.8.1/Xlb8z
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/VTalr6P9HZbT-DVYB3umiA_92.0.4500.2/Q2Dm
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/eiM05Tx_uvrJc5zP5ITDnA_9.22.0/AKWRiUwS3
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://sandbox.google.com/
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.ico
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.ico.2
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icos
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/search?p=
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	String found in binary or memory: https://sectigo.com/CPS0D
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp	String found in binary or memory: https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
Source: wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=blocked
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000003.748897368.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://support.google.com/cloudprint/answer/2541843
Source: wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp	String found in binary or memory: https://ueue.js
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000003.1731473643.000002B258010000.00000004.00000001.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/json
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/jsonX
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/jsonandler
Source: wavebrowser.exe, 0000000B.00000003.1729504806.000002B257EE1000.00000004.00000001.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/jsontor
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.672165292.000000000079B000.00000004.00000001.sdmp	String found in binary or memory: https://wavebrowser.co/about/
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.672165292.000000000079B000.00000004.00000001.sdmp	String found in binary or memory: https://wavebrowser.co/about/.
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	String found in binary or memory: https://wavebrowser.co/privacy/?b=true
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	String found in binary or memory: https://wavebrowser.co/terms/?b=true
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	String found in binary or memory: https://wavebrowser.co/terms/?b=truehttps://wavebrowser.co/privacy/?b=true
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.681643384.00000000007A2000.00000004.00000001.sdmp	String found in binary or memory: https://wavebrowser.co/uninstall/.
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearchFA
Source: wavebrowser.exe, 0000000B.00000003.1730875787.000002B257AC9000.00000004.00000001.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlManaged
Source: wavebrowser.exe, 0000000B.00000003.1729859226.000002B2579CB000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/cloudprint
Source: wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	String found in binary or memory: https://www.google.com/cloudprint#jobs
Source: wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	String found in binary or memory: https://www.google.com/cloudprint/enable_chrome_connector
Source: wavebrowser.exe, 0000000B.00000002.1773373144.000002B2550CF000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/cloudprint/enable_chrome_connectorbut
Source: wavebrowser.exe, 0000000B.00000002.1773373144.000002B2550CF000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/cloudprintC
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNDY1QUFXN0xyYXk3alhLdzdZUk9
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvZmMzQUFXNXo4eEtuSTNiSWgtQVV
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/AIN-ljVPluSuHIO4gUFDrjU_6592/AM84yhots0X-1xmR7Xg
Source: wavebrowser.exe, 0000000B.00000003.1729027457.000002B25BA77000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/APXXLABkvVhhXtYF5CAJK8E_43/
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/Jh_vhqSFpzyp9QNFeobyJw_2021.4.26.1142/OTiHLpDMjC
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icos
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.com;
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://www.google.http
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/S
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwriter
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox0
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfoUq
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	String found in binary or memory: https://www.gstatic.com
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/config/plugins_3/plugins_win.json
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	String found in binary or memory: https://www.gstatic.com;
Source: wavebrowser.exe, 0000000B.00000002.1774100618.000002B255225000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000003.1729635403.000002B257F15000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1774100618.000002B255225000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/
Source: setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp, wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	String found in binary or memory: https://www.mywavehome.net/?u=ff016ddb-5584-4b46-b38e-499f2baf1385&i=wav&sub=20210508&mv=true
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/?u=ff016ddb-5584-4b46-b38e-499f2baf1385&i=wav&sub=20210508&mv=true&src=-l
Source: setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp	String found in binary or memory: https://www.mywavehome.net/?u=ff016ddb-5584-4b46-b38e-499f2baf1385&i=wav&sub=20210508&mv=true6ddb-55
Source: wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/U
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/Y
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/ash
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/favicon.ico
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/favicon.icoV
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/favicon.icor
Source: wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/favicon.icoration
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://www.mywavehome.net/s
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://www.w3.gb
Source: wavebrowser.exe, 0000000B.00000002.1779400342.000002B257A94000.00000004.00000001.sdmp	String found in binary or memory: https://www.wavebrowser.co/about/?ext=EnhancedResultSettings
Source: wavebrowser.exe, 0000000B.00000002.1779400342.000002B257A94000.00000004.00000001.sdmp	String found in binary or memory: https://www.wavebrowser.co/about/?ext=HTTPSChecker
Source: wavebrowser.exe, 0000000B.00000003.1729859226.000002B2579CB000.00000004.00000001.sdmp	String found in binary or memory: https://www.wavebrowser.co/about/?ext=WaveMenu
Source: wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	String found in binary or memory: https://www.wavebrowser.co/about/?ext=WaveMenusion
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://www.yahoo.com/favicon.ico
Source: wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	String found in binary or memory: https://www.yahoo.com/favicon.ico58

Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 143.204.209.86:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.11.52:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.81.120:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.81.120:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.109:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.109:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.11.52:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.23.34.82:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.23.34.82:443 -> 192.168.2.4:49799 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Code function: 0_2_004051CF GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004051CF

DDoS:

Source: wavebrowser.exe

Process created: 42

System Summary:

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Code function: 4_2_00007FF6784599AC CreateProcessAsUserW,DestroyEnvironmentBlock,

4_2_00007FF6784599AC

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Code function: 0_2_004031D6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_004031D6

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_00404A0E	0_2_00404A0E
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_004065F6	0_2_004065F6
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678463AA0	4_2_00007FF678463AA0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844E1B0	4_2_00007FF67844E1B0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678447150	4_2_00007FF678447150
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844D940	4_2_00007FF67844D940
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678450160	4_2_00007FF678450160
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678466960	4_2_00007FF678466960
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784B2A00	4_2_00007FF6784B2A00
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678445230	4_2_00007FF678445230
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844A230	4_2_00007FF67844A230
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6785591F0	4_2_00007FF6785591F0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844B1F0	4_2_00007FF67844B1F0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784559E0	4_2_00007FF6784559E0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784B7290	4_2_00007FF6784B7290
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67848EAA0	4_2_00007FF67848EAA0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67847C310	4_2_00007FF67847C310
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678463310	4_2_00007FF678463310
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678445300	4_2_00007FF678445300
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678449330	4_2_00007FF678449330
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67845433D	4_2_00007FF67845433D
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678443B70	4_2_00007FF678443B70
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678456B60	4_2_00007FF678456B60
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678450430	4_2_00007FF678450430
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678464430	4_2_00007FF678464430
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67845F3D0	4_2_00007FF67845F3D0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67846F4A0	4_2_00007FF67846F4A0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678463470	4_2_00007FF678463470
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678444C60	4_2_00007FF678444C60
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784DED10	4_2_00007FF6784DED10
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67846A590	4_2_00007FF67846A590
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844A590	4_2_00007FF67844A590
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67848BDA0	4_2_00007FF67848BDA0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678462DA5	4_2_00007FF678462DA5
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784ED620	4_2_00007FF6784ED620
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784C5DD0	4_2_00007FF6784C5DD0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784445C0	4_2_00007FF6784445C0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784B75F0	4_2_00007FF6784B75F0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678445DF0	4_2_00007FF678445DF0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678613E78	4_2_00007FF678613E78
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678455670	4_2_00007FF678455670
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678464F00	4_2_00007FF678464F00
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678454F30	4_2_00007FF678454F30
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844B720	4_2_00007FF67844B720
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678455EC0	4_2_00007FF678455EC0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678558790	4_2_00007FF678558790
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678449010	4_2_00007FF678449010
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678576800	4_2_00007FF678576800
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784B7FD0	4_2_00007FF6784B7FD0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784B77D0	4_2_00007FF6784B77D0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67855EFF0	4_2_00007FF67855EFF0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6784B4050	4_2_00007FF6784B4050
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67844C039	4_2_00007FF67844C039
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67845D870	4_2_00007FF67845D870
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67859E850	4_2_00007FF67859E850
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF678461910	4_2_00007FF678461910
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844E1B0	5_2_00007FF67844E1B0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678447150	5_2_00007FF678447150
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844D940	5_2_00007FF67844D940
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678450160	5_2_00007FF678450160
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678466960	5_2_00007FF678466960
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784B2A00	5_2_00007FF6784B2A00
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678445230	5_2_00007FF678445230
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844A230	5_2_00007FF67844A230
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6785591F0	5_2_00007FF6785591F0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844B1F0	5_2_00007FF67844B1F0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784559E0	5_2_00007FF6784559E0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784B7290	5_2_00007FF6784B7290
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67848EAA0	5_2_00007FF67848EAA0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678463AA0	5_2_00007FF678463AA0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67847C310	5_2_00007FF67847C310
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678463310	5_2_00007FF678463310
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678445300	5_2_00007FF678445300
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678449330	5_2_00007FF678449330
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678457BA7	5_2_00007FF678457BA7
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67845433D	5_2_00007FF67845433D
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678443B70	5_2_00007FF678443B70
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678456B60	5_2_00007FF678456B60
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678450430	5_2_00007FF678450430
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678464430	5_2_00007FF678464430
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67845F3D0	5_2_00007FF67845F3D0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784ADC90	5_2_00007FF6784ADC90
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67846F4A0	5_2_00007FF67846F4A0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678463470	5_2_00007FF678463470
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678444C60	5_2_00007FF678444C60
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784DED10	5_2_00007FF6784DED10
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784594C0	5_2_00007FF6784594C0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67846A590	5_2_00007FF67846A590
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844A590	5_2_00007FF67844A590
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67848BDA0	5_2_00007FF67848BDA0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678462DA5	5_2_00007FF678462DA5
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784ED620	5_2_00007FF6784ED620
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784C5DD0	5_2_00007FF6784C5DD0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784445C0	5_2_00007FF6784445C0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784B75F0	5_2_00007FF6784B75F0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678445DF0	5_2_00007FF678445DF0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678613E78	5_2_00007FF678613E78
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678455670	5_2_00007FF678455670
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678464F00	5_2_00007FF678464F00
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678454F30	5_2_00007FF678454F30
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844B720	5_2_00007FF67844B720
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678455EC0	5_2_00007FF678455EC0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678558790	5_2_00007FF678558790
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678449010	5_2_00007FF678449010
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67844C000	5_2_00007FF67844C000
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678576800	5_2_00007FF678576800
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784B7FD0	5_2_00007FF6784B7FD0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784B77D0	5_2_00007FF6784B77D0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6784B4050	5_2_00007FF6784B4050
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67845D870	5_2_00007FF67845D870
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67859E850	5_2_00007FF67859E850
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF678461910	5_2_00007FF678461910
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_004026A0	8_2_004026A0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_00402140	8_2_00402140
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_00401FC0	8_2_00401FC0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_00401780	8_2_00401780
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD40A060	12_2_00007FF7DD40A060
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DEA70	12_2_00007FF7DD3DEA70
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3FB460	12_2_00007FF7DD3FB460
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3E2420	12_2_00007FF7DD3E2420
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD416E70	12_2_00007FF7DD416E70
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD40AEE0	12_2_00007FF7DD40AEE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F7F00	12_2_00007FF7DD3F7F00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD403D20	12_2_00007FF7DD403D20
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3FDD20	12_2_00007FF7DD3FDD20
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD40DD30	12_2_00007FF7DD40DD30
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F1D40	12_2_00007FF7DD3F1D40
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD412E00	12_2_00007FF7DD412E00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F0DB0	12_2_00007FF7DD3F0DB0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D3DC0	12_2_00007FF7DD3D3DC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3FCDC0	12_2_00007FF7DD3FCDC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3ECDC0	12_2_00007FF7DD3ECDC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3E4090	12_2_00007FF7DD3E4090
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD40F0C0	12_2_00007FF7DD40F0C0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3E6FE0	12_2_00007FF7DD3E6FE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD40BA80	12_2_00007FF7DD40BA80
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D4A30	12_2_00007FF7DD3D4A30
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F3A27	12_2_00007FF7DD3F3A27
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3EDAE0	12_2_00007FF7DD3EDAE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3ECAF0	12_2_00007FF7DD3ECAF0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D4B00	12_2_00007FF7DD3D4B00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3E9B10	12_2_00007FF7DD3E9B10
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D6950	12_2_00007FF7DD3D6950
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F29E0	12_2_00007FF7DD3F29E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD4299F0	12_2_00007FF7DD4299F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD5369D0	12_2_00007FF7DD5369D0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD527C24	12_2_00007FF7DD527C24
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD53CD04	12_2_00007FF7DD53CD04
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD530C0C	12_2_00007FF7DD530C0C
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DB680	12_2_00007FF7DD3DB680
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3E0690	12_2_00007FF7DD3E0690
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DC580	12_2_00007FF7DD3DC580
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD405550	12_2_00007FF7DD405550
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D55F0	12_2_00007FF7DD3D55F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F1860	12_2_00007FF7DD3F1860
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3FC855	12_2_00007FF7DD3FC855
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DC8E2	12_2_00007FF7DD3DC8E2
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD4B2780	12_2_00007FF7DD4B2780
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD40D740	12_2_00007FF7DD40D740
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3E87A0	12_2_00007FF7DD3E87A0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DD7C0	12_2_00007FF7DD3DD7C0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3FF270	12_2_00007FF7DD3FF270
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3FD250	12_2_00007FF7DD3FD250
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD4032E0	12_2_00007FF7DD4032E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD54E308	12_2_00007FF7DD54E308
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD4442D0	12_2_00007FF7DD4442D0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F01A2	12_2_00007FF7DD3F01A2
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D4460	12_2_00007FF7DD3D4460
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD442450	12_2_00007FF7DD442450
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F14F0	12_2_00007FF7DD3F14F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD4254E0	12_2_00007FF7DD4254E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DE500	12_2_00007FF7DD3DE500
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3DB360	12_2_00007FF7DD3DB360
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3D3370	12_2_00007FF7DD3D3370
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD527394	12_2_00007FF7DD527394
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DB680	14_2_00007FF7DD3DB680
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F7F00	14_2_00007FF7DD3F7F00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DC580	14_2_00007FF7DD3DC580
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3FDD20	14_2_00007FF7DD3FDD20
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD403D20	14_2_00007FF7DD403D20
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F1D40	14_2_00007FF7DD3F1D40
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D9550	14_2_00007FF7DD3D9550
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D55F0	14_2_00007FF7DD3D55F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD412E00	14_2_00007FF7DD412E00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F0DB0	14_2_00007FF7DD3F0DB0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D3DC0	14_2_00007FF7DD3D3DC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3ECDC0	14_2_00007FF7DD3ECDC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F1860	14_2_00007FF7DD3F1860
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3E4090	14_2_00007FF7DD3E4090
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DC8E2	14_2_00007FF7DD3DC8E2
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD40F0C0	14_2_00007FF7DD40F0C0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD4B2780	14_2_00007FF7DD4B2780
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3E6FE0	14_2_00007FF7DD3E6FE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3E87A0	14_2_00007FF7DD3E87A0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DD7C0	14_2_00007FF7DD3DD7C0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DEA70	14_2_00007FF7DD3DEA70
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD40BA80	14_2_00007FF7DD40BA80
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D4A30	14_2_00007FF7DD3D4A30
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F3A27	14_2_00007FF7DD3F3A27
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3FD250	14_2_00007FF7DD3FD250
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD4032E0	14_2_00007FF7DD4032E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3EDAE0	14_2_00007FF7DD3EDAE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3ECAF0	14_2_00007FF7DD3ECAF0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D4B00	14_2_00007FF7DD3D4B00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3E9B10	14_2_00007FF7DD3E9B10
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD4442D0	14_2_00007FF7DD4442D0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D6950	14_2_00007FF7DD3D6950
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F29E0	14_2_00007FF7DD3F29E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD4299F0	14_2_00007FF7DD4299F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F01A2	14_2_00007FF7DD3F01A2
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD5369D0	14_2_00007FF7DD5369D0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D4460	14_2_00007FF7DD3D4460
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3E2420	14_2_00007FF7DD3E2420
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD53CD04	14_2_00007FF7DD53CD04
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F14F0	14_2_00007FF7DD3F14F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD4254E0	14_2_00007FF7DD4254E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DE500	14_2_00007FF7DD3DE500
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3DB360	14_2_00007FF7DD3DB360
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3D3370	14_2_00007FF7DD3D3370
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD527394	14_2_00007FF7DD527394
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DB680	15_2_00007FF7DD3DB680
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F7F00	15_2_00007FF7DD3F7F00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DC580	15_2_00007FF7DD3DC580
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3FDD20	15_2_00007FF7DD3FDD20
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD403D20	15_2_00007FF7DD403D20
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F1D40	15_2_00007FF7DD3F1D40
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D9550	15_2_00007FF7DD3D9550
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D55F0	15_2_00007FF7DD3D55F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F3611	15_2_00007FF7DD3F3611
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD412E00	15_2_00007FF7DD412E00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D3DC0	15_2_00007FF7DD3D3DC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3ECDC0	15_2_00007FF7DD3ECDC0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F1860	15_2_00007FF7DD3F1860
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3E4090	15_2_00007FF7DD3E4090
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3E9840	15_2_00007FF7DD3E9840
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DC8E0	15_2_00007FF7DD3DC8E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD4B2780	15_2_00007FF7DD4B2780
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3E6FE0	15_2_00007FF7DD3E6FE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DD7C0	15_2_00007FF7DD3DD7C0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DEA70	15_2_00007FF7DD3DEA70
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D4A30	15_2_00007FF7DD3D4A30
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3FD250	15_2_00007FF7DD3FD250
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD4032E0	15_2_00007FF7DD4032E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3EDAE0	15_2_00007FF7DD3EDAE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3ECAF0	15_2_00007FF7DD3ECAF0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D4B00	15_2_00007FF7DD3D4B00
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD4442D0	15_2_00007FF7DD4442D0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D6950	15_2_00007FF7DD3D6950
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F29E0	15_2_00007FF7DD3F29E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD4299F0	15_2_00007FF7DD4299F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F01A0	15_2_00007FF7DD3F01A0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD5369D0	15_2_00007FF7DD5369D0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D4460	15_2_00007FF7DD3D4460
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3FAC70	15_2_00007FF7DD3FAC70
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3E2420	15_2_00007FF7DD3E2420
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD53CD04	15_2_00007FF7DD53CD04
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F14F0	15_2_00007FF7DD3F14F0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD4254E0	15_2_00007FF7DD4254E0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DE500	15_2_00007FF7DD3DE500
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3DB362	15_2_00007FF7DD3DB362
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3D3370	15_2_00007FF7DD3D3370
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD527394	15_2_00007FF7DD527394

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: String function: 00007FF7DD544390 appears 45 times
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: String function: 00007FF7DD3EC590 appears 70 times

Source: setup.exe.4.dr

Static PE information: Resource name: RT_STRING type: Hitachi SH big-endian COFF executable, not stripped, 49035 sections, symbol offset=0x5480517f, 100672400 symbols, optional header size 55933

Source: wavebrowser.exe.4.dr	Static PE information: Number of sections : 12 > 10
Source: setup.exe.4.dr	Static PE information: Number of sections : 12 > 10

Source: setdf[1].exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: setdf.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: wavebrowser.exe.4.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: wavebrowser.exe.4.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000001.671426985.00000000729E0000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamensResize.dllL vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSetUserFTA.exe6 vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000000.670701815.000000000043B000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameWave Browser: vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamesetup.exeL vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751622339.0000000003FA0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751580791.0000000003F50000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemswsock.dll.muij% vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp	Binary or memory string: ../../base/file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\../../base/files/file_util_win.ccMakeAbsoluteFilePathDeleteFileAfterRebootReplaceFileWPathExistsDirectoryExistsC:\CreateAndOpenTemporaryFileInDir.tmpCreateTemporaryDirInDirCreateNewTempDirectoryCreateDirectoryAndGetErrorGetFileInfoOpenFileWriteFileGetCurrentDirectoryWSetCurrentDirectoryWMoveUnsafeCopyAndDeleteDirectoryDeleteFile.RecursiveDeleteFile.NonRecursiveDeleteFileAndRecordMetricsDoDeleteFileWindows.PostOperationState.Windows.FilesystemError.DoCopyDirectoryDoCopyFile vs Wave Browser_cg5vc6cx_.exe
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751346367.0000000003100000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs Wave Browser_cg5vc6cx_.exe

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal42.spyw.evad.winEXE@80/265@10/19

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

Code function: 12_2_00007FF7DD428670 FormatMessageA,GetLastError,

12_2_00007FF7DD428670

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

0_2_004031D6

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Code function: 0_2_0040449B GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_0040449B

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Code function: 5_2_00007FF6784656A0 GetProcessId,GetLastError,CreateToolhelp32Snapshot,GetLastError,SetLastError,

5_2_00007FF6784656A0

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Code function: 0_2_004020D1 CoCreateInstance,MultiByteToWideChar,

0_2_004020D1

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

File created: C:\Users\user\Wavesor Software

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupExitEventMutex_6209002892563102683
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5860:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupMutex_6209002892563102683

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

File created: C:\Users\user\AppData\Local\Temp\nseBA50.tmp

Jump to behavior

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: wavebrowser.exe, 0000000B.00000003.749027523.000002B2550CE000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','field_info_index','field_info',#1,'CREATE INDEX field_info_index ON field_info (form_signature, field_signature)');z?H
Source: wavebrowser.exe, 0000000B.00000003.749027523.000002B2550CE000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','field_info_index','field_info',#1,'CREATE INDEX field_info_index ON field_info (form_signature, field_signature)');
Source: wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	Binary or memory string: SELECT origin_url, action_url, username_element, username_value, password_element, password_value, submit_element, signon_realm, date_created, blacklisted_by_user, scheme, password_type, times_used, form_data, date_synced, display_name, icon_url, federation_url, skip_zero_click, generation_upload_status, possible_username_pairs, id, date_last_used, moving_blocked_for FROM logins WHERE date_created >= ? AND date_created < ? ORDER BY origin_url;

Source: Wave Browser_cg5vc6cx_.exe	String found in binary or memory: "C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z" --do-not-register-for-update-launch --make-chrome-default
Source: Wave Browser_cg5vc6cx_.exe	String found in binary or memory: "C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z" --do-not-register-for-update-launch --make-chrome-default
Source: setup.exe	String found in binary or memory: Jy het nie die gepaste regte vir stelselvlak-installering nie. Probeer om die installeerder weer te laat loop as Administrateur.>
Source: setup.exe	String found in binary or memory: Wala kang naaangkop na mga karapatan para sa pag-install sa antas ng system. Subukan muling patakbuhin ang installer bilang Admini
Source: setup.exe	String found in binary or memory: ../../base/process/launch_win.cc
Source: setup.exe	String found in binary or memory: Jy het nie die gepaste regte vir stelselvlak-installering nie. Probeer om die installeerder weer te laat loop as Administrateur.>
Source: setup.exe	String found in binary or memory: Wala kang naaangkop na mga karapatan para sa pag-install sa antas ng system. Subukan muling patakbuhin ang installer bilang Admini
Source: setup.exe	String found in binary or memory: ../../base/process/launch_win.cc

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

File read: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe 'C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe'
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe 'C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe' --install-archive='C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z' --do-not-register-for-update-launch --make-chrome-default
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe 'C:\Users\user\AppData\Local\Temp\af85ff68-db96-4195-b531-f1a4aee5bead.tmp'
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --prevdefbrowser=2 --install-type=1
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=1796 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5936 /prefetch:8
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5380 /prefetch:8
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe 'C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe' --install-archive='C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z' --do-not-register-for-update-launch --make-chrome-default	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe 'C:\Users\user\AppData\Local\Temp\af85ff68-db96-4195-b531-f1a4aee5bead.tmp'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --prevdefbrowser=2 --install-type=1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=1796 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5936 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5380 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Window detected: Number of UI elements: 11

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WaveBrowser

Jump to behavior

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: certificate valid

Source: Wave Browser_cg5vc6cx_.exe

Static file information: File size 64298088 > 1048576

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: setup.exe.pdb source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp, setup.exe, 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp
Source:	Binary string: wavebrowser.exe.pdb source: setup.exe, 00000004.00000003.726318035.00000236057B1000.00000004.00000001.sdmp
Source:	Binary string: wavebrowser_proxy.exe.pdb source: setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp

Data Obfuscation:

Source: Wave Browser_cg5vc6cx_.exe

Static PE information: real checksum: 0x3d53908 should be:

Source: wavebrowser.exe.4.dr	Static PE information: section name: .00cfg
Source: wavebrowser.exe.4.dr	Static PE information: section name: .gehcont
Source: wavebrowser.exe.4.dr	Static PE information: section name: .retplne
Source: wavebrowser.exe.4.dr	Static PE information: section name: CPADinfo
Source: wavebrowser.exe.4.dr	Static PE information: section name: _RDATA
Source: setup.exe.4.dr	Static PE information: section name: .00cfg
Source: setup.exe.4.dr	Static PE information: section name: .gehcont
Source: setup.exe.4.dr	Static PE information: section name: .retplne
Source: setup.exe.4.dr	Static PE information: section name: CPADinfo
Source: setup.exe.4.dr	Static PE information: section name: _RDATA

Persistence and Installation Behavior:

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\nsResize.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File created: C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\Installer\setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser_proxy.exe	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\inetc.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\setdf[1].exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

File created: C:\Users\user\AppData\Local\Temp\wavebrowser_installer.log

Jump to behavior

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

File created: C:\Users\user\AppData\Local\Temp\3124_696802910\LICENSE.txt

Jump to behavior

Boot Survival:

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveBrowser.lnk

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_Bios

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Code function: 4_2_00007FF678447880 rdtsc

4_2_00007FF678447880

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_8-1328

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	API coverage: 9.6 %
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	API coverage: 3.6 %
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	API coverage: 9.9 %
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	API coverage: 0.9 %
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	API coverage: 6.0 %

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\00000409

Jump to behavior

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Model FROM Win32_ComputerSystem
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File Volume queried: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\wasm FullSizeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File Volume queried: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js FullSizeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File Volume queried: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\blob_storage\bc64e454-547f-4a76-aeae-81cc29e6e2b8 FullSizeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File Volume queried: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache FullSizeInformation

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_0040626D FindFirstFileA,FindClose,	0_2_0040626D
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_00405732 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405732
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe	Code function: 0_2_004026FE FindFirstFileA,	0_2_004026FE
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67845AC9D FindFirstFileExW,	4_2_00007FF67845AC9D
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67845AC9D FindFirstFileExW,	5_2_00007FF67845AC9D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD3F425D FindFirstFileExW,	12_2_00007FF7DD3F425D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD3F425D FindFirstFileExW,	14_2_00007FF7DD3F425D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD3F425D FindFirstFileExW,	15_2_00007FF7DD3F425D

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: wavebrowser.exe, 0000000B.00000002.1780046818.000002B257C87000.00000004.00000001.sdmp	Binary or memory string: VMware
Source: wavebrowser.exe, 0000000B.00000003.1728741183.000002B25BD6A000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWp
Source: setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW)?
Source: Wave Browser_cg5vc6cx_.exe, 00000000.00000003.747186594.0000000000777000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727556981.0000023603A65000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: wavebrowser.exe, 0000000B.00000003.1728741183.000002B25BD6A000.00000004.00000001.sdmp	Binary or memory string: Yvmware
Source: wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

API call chain: ExitProcess graph end node

graph_0-3772

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Found API chain indicative of debugger detection

Show sources

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe

Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep

graph_8-1245

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Code function: 4_2_00007FF678447880 rdtsc

4_2_00007FF678447880

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Code function: 4_2_00007FF67860EB14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

4_2_00007FF67860EB14

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF67860EB14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FF67860EB14
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 4_2_00007FF6785FDE28 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FF6785FDE28
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF67860EB14 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF67860EB14
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Code function: 5_2_00007FF6785FDE28 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00007FF6785FDE28
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_00401179 Sleep,Sleep,SetUnhandledExceptionFilter,_acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm,GetStartupInfoA,_initterm,exit,	8_2_00401179
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_00403BDC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	8_2_00403BDC
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	Code function: 8_2_00403BE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	8_2_00403BE0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD532534 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_00007FF7DD532534
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 12_2_00007FF7DD522178 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_00007FF7DD522178
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD532534 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_00007FF7DD532534
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 14_2_00007FF7DD522178 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_00007FF7DD522178
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD532534 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_00007FF7DD532534
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Code function: 15_2_00007FF7DD522178 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_00007FF7DD522178

HIPS / PFW / Operating System Protection Evasion:

Creates a thread in another existing process (thread injection)

Show sources

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Thread created: unknown EIP: 8D9F2530	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe 'C:\Users\user\AppData\Local\Temp\af85ff68-db96-4195-b531-f1a4aee5bead.tmp'	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=1796 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5936 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5380 /prefetch:8	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Process created: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Process created: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1	Jump to behavior

Source: wavebrowser.exe, 0000000B.00000002.1756834687.000002B251A80000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: wavebrowser.exe, 0000000B.00000002.1756834687.000002B251A80000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: wavebrowser.exe, 0000000B.00000002.1756834687.000002B251A80000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: wavebrowser.exe, 0000000B.00000002.1756834687.000002B251A80000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Queries volume information: C:\Users\user\Wavesor Software\Temp\source3028_1457357344\Chrome-bin\master_preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Queries volume information: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	Queries volume information: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\Wavesor Software\WaveBrowser\master_preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\default_apps\external_extensions.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\default_apps\external_extensions.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_1569129693\CRX_INSTALL\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_1413903802\CRX_INSTALL\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_1569129693\CRX_INSTALL\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\_locales\en\messages.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_1413903802\CRX_INSTALL\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extensions\cplonachkpjlngkgbicfcmaelgeojmhe\1.0.1_0\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extensions\cplonachkpjlngkgbicfcmaelgeojmhe\1.0.1_0\img\wav\icon16_disabled.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\_locales\en\messages.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extensions\cmedgpckncgempanpegahopilddagioh\1.0.1_0\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extensions\cmedgpckncgempanpegahopilddagioh\1.0.1_0\_locales\en\messages.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extensions\hjbeoheoghofnhfmppfonmlmdanlmjoc\1.0.2_0\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extensions\hjbeoheoghofnhfmppfonmlmdanlmjoc\1.0.2_0\img\wav\icon16_disabled.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_528200686\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\TrustTokenKeyCommitments\2021.5.8.1\keys.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_1822817589\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_289367033\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_949570790\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\FileTypePolicies\43\download_file_types.pb VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_281591937\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\SSLErrorAssistant\7\ssl_error_assistant.pb VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_696802910\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_996831261\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\CertificateRevocation\6592\crl-set VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_630256060\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_1281437563\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\SafetyTips\2629\safety_tips.pb VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_652553750\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\TLSDeprecationConfig\4\tls_deprecation_config.pb VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_974187129\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\Crowd Deny\2021.4.26.1142\Preload Data VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_379039305\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3124_1864179955\manifest.json VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\ZxcvbnData\1\english_wikipedia.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\ZxcvbnData\1\female_names.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\ZxcvbnData\1\male_names.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\ZxcvbnData\1\passwords.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\ZxcvbnData\1\surnames.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\WaveBrowser\User Data\ZxcvbnData\1\us_tv_and_film.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Bookmarks VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package001021~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MFCore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0018~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package001020~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00117~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0016~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Common-Foundation-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0012~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-RestrictedCodecsCore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Multimedia-MF-avcore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-InternetExplorer-inetcore-Package~31bf3856ad364e35~amd64~~11.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoBasic-Feature-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Media-Streaming-avcore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EnterpriseClientSync-Host-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0013~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OfflineFiles-UI-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-FCI-Client-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe

Code function: 4_2_00007FF6785FEE34 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

4_2_00007FF6785FEE34

Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe

Code function: 8_2_0040158C GetCurrentProcessId,OpenProcess,OpenProcessToken,malloc,LookupAccountNameA,CheckTokenMembership,

8_2_0040158C

Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe

0_2_004031D6

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences	Jump to behavior
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts1	Windows Management Instrumentation121	DLL Search Order Hijacking2	DLL Search Order Hijacking2	Deobfuscate/Decode Files or Information1	OS Credential Dumping1	System Time Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	System Shutdown/Reboot1
Default Accounts	Native API1	Valid Accounts1	Valid Accounts1	Obfuscated Files or Information1	LSASS Memory	Account Discovery1	Remote Desktop Protocol	Data from Local System1	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Command and Scripting Interpreter12	Windows Service1	Access Token Manipulation11	Software Packing1	Security Account Manager	File and Directory Discovery3	SMB/Windows Admin Shares	Clipboard Data1	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Registry Run Keys / Startup Folder1	Windows Service1	DLL Search Order Hijacking2	NTDS	System Information Discovery137	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Process Injection112	Masquerading1	LSA Secrets	Query Registry1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Registry Run Keys / Startup Folder1	Valid Accounts1	Cached Domain Credentials	Security Software Discovery151	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Virtualization/Sandbox Evasion13	DCSync	Virtualization/Sandbox Evasion13	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Access Token Manipulation11	Proc Filesystem	Process Discovery3	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Process Injection112	/etc/passwd and /etc/shadow	System Owner/User Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	Remote System Discovery1	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Wave Browser_cg5vc6cx_.exe	0%	Virustotal		Browse
Wave Browser_cg5vc6cx_.exe	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\setdf[1].exe	8%	Metadefender	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\setdf[1].exe	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nseBA51.tmp\System.dll	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\nseBA51.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nseBA51.tmp\inetc.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nseBA51.tmp\nsDialogs.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nseBA51.tmp\nsResize.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	8%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe	0%	ReversingLabs
C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\Installer\setup.exe	0%	ReversingLabs
C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Download
8.1.setdf.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.1.Wave Browser_cg5vc6cx_.exe.729e0000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen7	Download File
0.2.Wave Browser_cg5vc6cx_.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1130366	Download File
0.0.Wave Browser_cg5vc6cx_.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1130366	Download File
0.1.Wave Browser_cg5vc6cx_.exe.729e0000.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen7	Download File

Domains

Source	Detection	Scanner	Link
cdn.wavebrowserbase.com	0%	Virustotal	Browse
api.wavebrowserbase.com	1%	Virustotal	Browse
api.wavebrowser.co	1%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://api.wavebrowser.co/i?ua=%7B%22strt%22%3A%22inst%22%7D%24BRWSR-GENERIC&uid=ff016de-499f2b	0%	Avira URL Cloud	safe
https://api.wavebrowserbase.com/store/user/?id=&iid=wav_Jr	0%	Avira URL Cloud	safe
https://apimvinstall-typenobmnoimportnostartprevdefbrowserwidstrtlditismiautwtsqlihttps://api.wavebr	0%	Avira URL Cloud	safe
https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_sonW	0%	Avira URL Cloud	safe
https://api.wavebrowser.co/i?ua=%7B%22strt%22%3A%22inst%22%7D%24BRWSR-GENERIC&uid=ff016d	0%	Avira URL Cloud	safe
https://www.mywavehome.net/?u=ff016ddb-5584-4b46-b38e-499f2baf1385&i=wav&sub=20210508&mv=true&src=-l	0%	Avira URL Cloud	safe
https://www.wavebrowser.co/about/?ext=HTTPSChecker	0%	Avira URL Cloud	safe
https://ueue.js	0%	Avira URL Cloud	safe
https://www.mywavehome.net/?u=ff016ddb-5584-4b46-b38e-499f2baf1385&i=wav&sub=20210508&mv=true6ddb-55	0%	Avira URL Cloud	safe
https://mywavehome.net/(	0%	Avira URL Cloud	safe
https://www.mywavehome.net/favicon.icoration	0%	Avira URL Cloud	safe
http://pki.goog/repo/certs/gtsr1.der04	0%	Avira URL Cloud	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://ocsp.rootg2.amazontrust.com08	0%	URL Reputation	safe
http://ocsp.rootg2.amazontrust.com08	0%	URL Reputation	safe
http://ocsp.rootg2.amazontrust.com08	0%	URL Reputation	safe
https://www.google.	0%	URL Reputation	safe
https://www.google.	0%	URL Reputation	safe
https://www.google.	0%	URL Reputation	safe
https://cdn.wavebrowserbase.com/	0%	Avira URL Cloud	safe
http://crl.pki.goog/GTS1O1core.crl0	0%	URL Reputation	safe
http://crl.pki.goog/GTS1O1core.crl0	0%	URL Reputation	safe
http://crl.pki.goog/GTS1O1core.crl0	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
https://api.wavebrowserbase.com/store/user/	0%	Avira URL Cloud	safe
http://crl.sca1b.amazontrust.com/sca1b.crl0	0%	URL Reputation	safe
http://crl.sca1b.amazontrust.com/sca1b.crl0	0%	URL Reputation	safe
http://crl.sca1b.amazontrust.com/sca1b.crl0	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
https://www.wavebrowser.co/about/?ext=EnhancedResultSettings	0%	Avira URL Cloud	safe
https://www.wavebrowser.co/about/?ext=WaveMenu	0%	Avira URL Cloud	safe
https://mywavehome.net/I	0%	Avira URL Cloud	safe
https://chrome.ge.co	0%	Avira URL Cloud	safe
https://api.wavebrowser.co/	0%	Avira URL Cloud	safe
https://cdn.wavebrowserbase.com/tools/setdf.exe/SILENTsetup.exewavebrowser.packed.7z	0%	Avira URL Cloud	safe
https://www.google.http	0%	Avira URL Cloud	safe
http://ocsp.sca1b.amazontrust.com	0%	URL Reputation	safe
http://ocsp.sca1b.amazontrust.com	0%	URL Reputation	safe
http://ocsp.sca1b.amazontrust.com	0%	URL Reputation	safe
https://cdn.wavebrowserbase.com/tools/setdf.exev	0%	Avira URL Cloud	safe
http://ocsp.rootca1.amazontrust.cF	0%	Avira URL Cloud	safe
http://ocsp.sca1b.amazontrust.com06	0%	URL Reputation	safe
http://ocsp.sca1b.amazontrust.com06	0%	URL Reputation	safe
http://ocsp.sca1b.amazontrust.com06	0%	URL Reputation	safe
http://crls.pki.goog/gts	0%	Avira URL Cloud	safe
https://chrome.googlm/we	0%	Avira URL Cloud	safe
https://www.mywavehome.net	0%	Avira URL Cloud	safe
https://wavebrowser.co/about/	0%	Avira URL Cloud	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	URL Reputation	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	URL Reputation	safe
http://crl.rootca1.amazontrust.com/rootca1.crl0	0%	URL Reputation	safe
http://crl.pki.goog/gtsr1/gtsr1.crl0W	0%	Avira URL Cloud	safe
http://pki.goog/gsr2/GTS1O1.crt0	0%	URL Reputation	safe
http://pki.goog/gsr2/GTS1O1.crt0	0%	URL Reputation	safe
http://pki.goog/gsr2/GTS1O1.crt0	0%	URL Reputation	safe
https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_3	0%	Avira URL Cloud	safe
https://cdn.wavebrowserbase.com/tools/setdf.exe	0%	Avira URL Cloud	safe
http://ocsp.rootca1.amazontrust.com0:	0%	Avira URL Cloud	safe
https://pki.goog/repository/0	0%	URL Reputation	safe
https://pki.goog/repository/0	0%	URL Reputation	safe
https://pki.goog/repository/0	0%	URL Reputation	safe
https://chrome.g	0%	Avira URL Cloud	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
https://www.mywavehome.net/favicon.icoV	0%	Avira URL Cloud	safe
http://kolbi.cz	0%	Avira URL Cloud	safe
http://crl.rootg2.amazontrust.com/rootg2.crl0	0%	URL Reputation	safe
http://crl.rootg2.amazontrust.com/rootg2.crl0	0%	URL Reputation	safe
http://crl.rootg2.amazontrust.com/rootg2.crl0	0%	URL Reputation	safe
http://ocsp.pki	0%	Avira URL Cloud	safe
https://www.mywavehome.net/favicon.icor	0%	Avira URL Cloud	safe
https://wavebrowser.co/privacy/?b=true	0%	Avira URL Cloud	safe
https://api.wavebrowserbase.com/store/user/?id=&iid=wav_Gr	0%	Avira URL Cloud	safe
https://api.wavebrowserbase.com/inst/1/status/	0%	Avira URL Cloud	safe
https://wavebrowser.co/uninstall/.	0%	Avira URL Cloud	safe
http://o.ss2.us/0	0%	URL Reputation	safe
http://o.ss2.us/0	0%	URL Reputation	safe
http://o.ss2.us/0	0%	URL Reputation	safe
https://cdn.wavebrowserbase.com/tools/setdf.exea	0%	Avira URL Cloud	safe
https://fonts.googleapis	0%	Avira URL Cloud	safe
http://crl.pki.goog/gsr2/gsr2.crl0?	0%	URL Reputation	safe
http://crl.pki.goog/gsr2/gsr2.crl0?	0%	URL Reputation	safe
http://crl.pki.goog/gsr2/gsr2.crl0?	0%	URL Reputation	safe
https://www.wavebrowser.co/about/?ext=WaveMenusion	0%	Avira URL Cloud	safe
http://crt.F	0%	Avira URL Cloud	safe
http://crl.pki.goog/gsr1/gsr1.crl0;	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cdn.wavebrowserbase.com	143.204.209.86	true	false	0%, Virustotal, Browse	unknown
api.wavebrowserbase.com	52.72.140.231	true	false	1%, Virustotal, Browse	unknown
api.wavebrowser.co	52.72.140.231	true	false	1%, Virustotal, Browse	unknown
googlehosted.l.googleusercontent.com	172.217.20.1	true	false		high
www.mywavehome.net	54.87.190.176	true	false		unknown
dns.google	8.8.8.8	true	false		unknown
s2.googleusercontent.com	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	false		high
https://api.wavebrowser.co/i?ua=%7B%22strt%22%3A%22inst%22%7D%24BRWSR-GENERIC&uid=ff016de-499f2b	wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.wavebrowserbase.com/store/user/?id=&iid=wav_Jr	setup.exe, 00000004.00000002.741508731.00000236039FC000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://apimvinstall-typenobmnoimportnostartprevdefbrowserwidstrtlditismiautwtsqlihttps://api.wavebr	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	false	Avira URL Cloud: safe	low
https://duckduckgo.com/ac/?q=	wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	false		high
https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_sonW	setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icodA	wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	false		high
https://api.wavebrowser.co/i?ua=%7B%22strt%22%3A%22inst%22%7D%24BRWSR-GENERIC&uid=ff016d	wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mywavehome.net/?u=ff016ddb-5584-4b46-b38e-499f2baf1385&i=wav&sub=20210508&mv=true&src=-l	wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://ff.search.yahoo.com/gossip?output=fxjson&command=	wavebrowser.exe, 0000000B.00000003.1729336693.000002B257F63000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	false		high
https://www.wavebrowser.co/about/?ext=HTTPSChecker	wavebrowser.exe, 0000000B.00000002.1779400342.000002B257A94000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	false		high
https://duckduckgo.com/chrome_newtabixAll	wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	false		high
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	false		high
https://ueue.js	wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mywavehome.net/?u=ff016ddb-5584-4b46-b38e-499f2baf1385&i=wav&sub=20210508&mv=true6ddb-55	setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://mywavehome.net/(	wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mywavehome.net/favicon.icoration	wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://pki.goog/repo/certs/gtsr1.der04	wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://search.yahoo.com/search?p=	wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmp	false		high
http://www.founder.com.cn/cn/cThe	wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ocsp.rootg2.amazontrust.com08	Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js	wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	false		high
https://bugs.chromium.org/p/chromium/issues/entry?template=Safety	wavebrowser.exe, 0000000B.00000002.1754177828.000002B251240000.00000002.00000001.sdmp	false		high
https://www.google.	wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://cdn.wavebrowserbase.com/	Wave Browser_cg5vc6cx_.exe, 00000000.00000003.747186594.0000000000777000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.pki.goog/GTS1O1core.crl0	wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://api.wavebrowserbase.com/store/user/	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.sca1b.amazontrust.com/sca1b.crl0	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.urwpp.deDPlease	wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ff.search.yahoo.com/gossip?output=fxjson&command=searchTerms	wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	false		high
https://www.wavebrowser.co/about/?ext=EnhancedResultSettings	wavebrowser.exe, 0000000B.00000002.1779400342.000002B257A94000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.wavebrowser.co/about/?ext=WaveMenu	wavebrowser.exe, 0000000B.00000003.1729859226.000002B2579CB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://mywavehome.net/I	wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://chrome.ge.co	wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.wavebrowser.co/	setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.wavebrowserbase.com/tools/setdf.exe/SILENTsetup.exewavebrowser.packed.7z	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.http	wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.sca1b.amazontrust.com	wavebrowser.exe, 0000000B.00000003.765752103.000002B255338000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.yahoo.com/favicon.ico58	wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	false		high
https://cdn.wavebrowserbase.com/tools/setdf.exev	Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://crashpad.chromium.org/	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	false		high
http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe	wavebrowser.exe, 0000000B.00000003.748819653.000002B2552E5000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/favicon.ico64	wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	false		high
http://ocsp.rootca1.amazontrust.cF	Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.sca1b.amazontrust.com06	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://duckduckgo.com/?q=	wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	false		high
http://crls.pki.goog/gts	wavebrowser.exe, 0000000B.00000002.1774543913.000002B2552E9000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://chrome.googlm/we	wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mywavehome.net	wavebrowser.exe, 0000000B.00000002.1774100618.000002B255225000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000003.1729635403.000002B257F15000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.ico	wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	false		high
https://wavebrowser.co/about/	Wave Browser_cg5vc6cx_.exe, 00000000.00000003.672165292.000000000079B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://crl.pki.goog/gtsr1/gtsr1.crl0W	wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://pki.goog/gsr2/GTS1O1.crt0	wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_3	setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.wavebrowserbase.com/tools/setdf.exe	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.rootca1.amazontrust.com0:	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.748145722.00000000007C5000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.740274770.0000023605965000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://nsis.sf.net/NSIS_ErrorError	Wave Browser_cg5vc6cx_.exe, 00000000.00000000.670692197.0000000000409000.00000008.00020000.sdmp	false		high
https://pki.goog/repository/0	wavebrowser.exe, 0000000B.00000003.1733667772.000002B258010000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://chrome.g	wavebrowser.exe, 0000000B.00000002.1778719152.000002B2579B0000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.yahoo.com/favicon.icorms	wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/favicon.ico	wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	false		high
http://www.carterandcone.coml	wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.mywavehome.net/favicon.icoV	wavebrowser.exe, 0000000B.00000002.1779851270.000002B257BBB000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://kolbi.cz	setdf.exe, 00000008.00000000.731452554.0000000000406000.00000002.00020000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.rootg2.amazontrust.com/rootg2.crl0	Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ocsp.pki	wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.mywavehome.net/favicon.icor	wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	false		high
http://nsis.sf.net/NSIS_Error	Wave Browser_cg5vc6cx_.exe, Wave Browser_cg5vc6cx_.exe, 00000000.00000000.670692197.0000000000409000.00000008.00020000.sdmp	false		high
https://wavebrowser.co/privacy/?b=true	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.747990448.0000000000753000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.wavebrowserbase.com/store/user/?id=&iid=wav_Gr	setup.exe, 00000004.00000002.741473586.00000236039D0000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://api.wavebrowserbase.com/inst/1/status/	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	false	Avira URL Cloud: safe	unknown
https://wavebrowser.co/uninstall/.	Wave Browser_cg5vc6cx_.exe, 00000000.00000003.681643384.00000000007A2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://o.ss2.us/0	Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp, setup.exe, 00000004.00000003.727539925.0000023603A4B000.00000004.00000001.sdmp, wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://cdn.wavebrowserbase.com/tools/setdf.exea	Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://fonts.googleapis	wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.pki.goog/gsr2/gsr2.crl0?	wavebrowser.exe, 0000000B.00000003.1730731860.000002B257A4B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://feedback.googleusercontent.com	wavebrowser.exe, 0000000B.00000002.1779012182.000002B2579F1000.00000004.00000001.sdmp	false		high
http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs;	wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	false		high
https://www.wavebrowser.co/about/?ext=WaveMenusion	wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crt.F	Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersG	wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	false		high
http://crl.pki.goog/gsr1/gsr1.crl0;	wavebrowser.exe, 0000000B.00000002.1767831849.000002B2548F0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/?	wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	false		high
http://www.founder.com.cn/cn/bThe	wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://search.yahoo.com/favicon.ico.2	wavebrowser.exe, 0000000B.00000003.748314175.000002B2551C9000.00000004.00000001.sdmp	false		high
http://ocsp.sectigo.com0	Wave Browser_cg5vc6cx_.exe, 00000000.00000003.685271569.00000000007D3000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://cdn.jsdelivr.net/npm/vuetify	wavebrowser.exe, 0000000B.00000002.1780288991.000002B257D2F000.00000004.00000001.sdmp	false		high
https://www.mywavehome.net/U	wavebrowser.exe, 0000000B.00000003.1729983363.000002B257A29000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.wavebrowserbase.com/inst/1/status/chr_install_started?id=&iid=wav_0E	setup.exe, 00000004.00000003.740992862.0000023605975000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/search?q=	wavebrowser.exe, 0000000B.00000002.1773416690.000002B2550FF000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designers?	wavebrowser.exe, 0000000B.00000002.1776100648.000002B255B16000.00000002.00000001.sdmp	false		high
https://crashpad.chromium.org/bug/new	Wave Browser_cg5vc6cx_.exe, 00000000.00000002.751781873.0000000005A5F000.00000004.00000001.sdmp, setup.exe, 00000004.00000000.694253174.00007FF678630000.00000002.00020000.sdmp, setup.exe, 00000005.00000000.696922278.00007FF678630000.00000002.00020000.sdmp	false		high
http://www.unicode.org/copyright.html	wavebrowser.exe, 0000000B.00000002.1756997317.000002B2530A0000.00000002.00000001.sdmp	false		high
https://www.mywavehome.net/?u=ff016ddb-5584-4b46-b38e-499f2baf1385&i=wav&sub=20210508&mv=true	setup.exe, 00000004.00000002.741521262.0000023603A03000.00000004.00000020.sdmp, wavebrowser.exe, 0000000B.00000002.1755179760.000002B25136A000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
52.72.140.231	api.wavebrowserbase.com	United States	14618	AMAZON-AESUS	false
216.58.214.195	unknown	United States	15169	GOOGLEUS	false
143.204.209.86	cdn.wavebrowserbase.com	United States	16509	AMAZON-02US	false
172.217.19.106	unknown	United States	15169	GOOGLEUS	false
1.1.0.7	unknown	China	13335	CLOUDFLARENETUS	false
172.217.19.100	unknown	United States	15169	GOOGLEUS	false
34.198.11.52	unknown	United States	14618	AMAZON-AESUS	false
172.217.19.115	unknown	United States	15169	GOOGLEUS	false
151.101.2.109	unknown	United States	54113	FASTLYUS	false
34.198.81.120	unknown	United States	14618	AMAZON-AESUS	false
142.250.181.238	unknown	United States	15169	GOOGLEUS	false
23.23.34.82	unknown	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.20.1	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
104.20.23.216	unknown	United States	13335	CLOUDFLARENETUS	false
172.217.20.3	unknown	United States	15169	GOOGLEUS	false
172.217.20.10	unknown	United States	15169	GOOGLEUS	false
172.217.22.227	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	407799
Start date:	08.05.2021
Start time:	06:19:20
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 24m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Wave Browser_cg5vc6cx_.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal42.spyw.evad.winEXE@80/265@10/19
EGA Information:	Successful, ratio: 87.5%
HDC Information:	Successful, ratio: 70.5% (good quality ratio 58.2%) Quality average: 58.6% Quality standard deviation: 36%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Excluded IPs from analysis (whitelisted): 168.61.161.212, 20.82.210.154, 52.113.196.254, 13.64.90.137, 92.122.145.220, 92.122.213.247, 92.122.213.194, 205.185.216.10, 205.185.216.42, 172.217.18.77, 20.82.209.183, 216.58.214.238, 95.168.222.145, 52.155.217.156, 20.54.26.129, 95.168.222.141, 95.168.222.140, 95.168.222.76, 95.168.222.77, 95.168.222.15, 95.168.222.146, 34.104.35.123, 40.126.31.137, 40.126.31.6, 40.126.31.135, 40.126.31.143, 20.190.159.136, 20.190.159.134, 40.126.31.1, 40.126.31.141, 51.104.136.2, 20.49.150.241, 95.168.222.143, 20.50.102.62 Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, r4.sn-n02xgoxufvg3-2gbs.gvt1.com, r1.sn-n02xgoxufvg3-2gbs.gvt1.com, r2---sn-n02xgoxufvg3-2gbl.gvt1.com, r4---sn-n02xgoxufvg3-2gbz.gvt1.com, r6---sn-n02xgoxufvg3-2gbs.gvt1.com, login.live.com, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, watson.telemetry.microsoft.com, au-bg-shim.trafficmanager.net, r2.sn-n02xgoxufvg3-2gbl.gvt1.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, r1.sn-n02xgoxufvg3-2gbl.gvt1.com, www.tm.a.prd.aadg.akadns.net, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, edgedl.me.gvt1.com, store-images.s-microsoft.com, r2.sn-n02xgoxufvg3-2gbs.gvt1.com, blobcollector.events.data.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net, r2---sn-n02xgoxufvg3-2gbs.gvt1.com, r1---sn-n02xgoxufvg3-2gbl.gvt1.com, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, teams-9999.teams-msedge.net, e12564.dspb.akamaiedge.net, redirector.gvt1.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, r6.sn-n02xgoxufvg3-2gbs.gvt1.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, accounts.google.com, r4.sn-n02xgoxufvg3-2gbz.gvt1.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, cds.d2s7q6s2.hwcdn.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, r1---sn-n02xgoxufvg3-2gbs.gvt1.com, login.msa.msidentity.com, r7.sn-n02xgoxufvg3-2gbs.gvt1.com, r7---sn-n02xgoxufvg3-2gbs.gvt1.com, r4---sn-n02xgoxufvg3-2gbs.gvt1.com, teams-ring.teams-9999.teams-msedge.net, teams-ring.msedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadFile calls found. Report size getting too big, too many NtReadVirtualMemory calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
52.72.140.231	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse
1.1.0.7	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse
34.198.11.52	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse
151.101.2.109	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse
	ACH WIRE INF0RMATION.xlsx	Get hash	malicious	Browse
	ACH WIRE INF0RMATION.xlsx	Get hash	malicious	Browse
	ACH WIRE INF0RMATION.xlsx	Get hash	malicious	Browse
	ACHWIREPAYMENTINFORMATION.xlsx	Get hash	malicious	Browse
	SecuriteInfo.com.XLSX.Onephish.B.genCamelot.17169.xlsx	Get hash	malicious	Browse
	https://micrrosoftonline13392123112a.typeform.com/to/y7uCHr2N	Get hash	malicious	Browse
	http://bit.ly/2K9I7Q5	Get hash	malicious	Browse
	https://bit.ly/2VPfIRO	Get hash	malicious	Browse
	https://url.emailprotection.link/?bZQI-pkAlI0NYncBlAGCDUB8qi1rfc0eOPMee-I8wIJoFz_rToxiu0F68VxVouCstQdbZohtz1BTD-9xg2cNVkqN-G7JmjEyMrvP7GFaDtSjD8NIornwI7suaFzJ_WoRdLwqEr2T31Dmo6qwbds6sn46N-C0b1P9hG2Y73rYLj44~	Get hash	malicious	Browse
	https://www.evernote.com/shard/s395/sh/e6cd3f32-356e-2b0f-29eb-532205cb0cdd/b301c5a7d8494fe2a6f2588862012fb5	Get hash	malicious	Browse
	https://nandirudraksh.com/wp-includes/nz	Get hash	malicious	Browse
	https://www.evernote.com/shard/s388/sh/9c47779f-4cca-4ce6-ac44-541ac5f1d3bc/b1c9d6f77076f60f846a4fee1797af69&d=DwMGaQ	Get hash	malicious	Browse
	https://mainprops.typeform.com/to/gHgyBoFX	Get hash	malicious	Browse
	https://bit.ly/2IND0ob	Get hash	malicious	Browse
	https://app.box.com/s/mk1t9s05ty9ba7rvsdbstgc46rb4fod7	Get hash	malicious	Browse
	https://kevindenkmann.typeform.com/to/rZWKMQjQ	Get hash	malicious	Browse
	https://mmemicrosoftwebsss.typeform.com/to/sIZVMxGk	Get hash	malicious	Browse
	https://app.box.com/s/4qh80d5v0isn028co16h3leg3k11ku28	Get hash	malicious	Browse
	https://www.evernote.com/shard/s624/sh/23f89f62-f6a6-593d-7b2d-e1727bf0a5b9/8e13c642f2e3a2a6c9afb17e059a1de2	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
www.mywavehome.net	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse	34.198.81.120
www.mywavehome.net	5LjNWb5aY9.exe	Get hash	malicious	Browse	34.198.81.120
cdn.wavebrowserbase.com	5LjNWb5aY9.exe	Get hash	malicious	Browse	143.204.98.106
dns.google	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse	8.8.4.4
	5LjNWb5aY9.exe	Get hash	malicious	Browse	8.8.4.4
	2oI0mzTrNX.exe	Get hash	malicious	Browse	8.8.8.8
	BraveBrowserSetup.exe	Get hash	malicious	Browse	8.8.4.4
	BraveBrowserSetup.exe	Get hash	malicious	Browse	8.8.4.4
	ykCOcNQFL2.exe	Get hash	malicious	Browse	8.8.8.8
	Vivaldi.3.5.2115.87.x64.exe	Get hash	malicious	Browse	8.8.4.4
	Click HERE to start the WebExplorer Browser Installer_49807x_.exe	Get hash	malicious	Browse	8.8.8.8
	click here to start the file launcher by webnavigator installer_zg9ld3is_.exe	Get hash	malicious	Browse	8.8.4.4
	egint_cryptor.exe	Get hash	malicious	Browse	8.8.8.8
	https://www.canva.com/design/DAEMFdyXLwU/Qca1gQjVaXRphNINixMtCg/view?utm_content=DAEMFdyXLwU&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton	Get hash	malicious	Browse	8.8.8.8
	https://www.canva.com/design/DAEL43-jQV8/qmdSuayGbmeEepez0-1VZA/view?utm_content=DAEL43-jQV8&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton	Get hash	malicious	Browse	8.8.8.8
	https://protect-us.mimecast.com/s/9avzCyPnXnHmpjRhMV_8V?domain=canva.com	Get hash	malicious	Browse	8.8.4.4
	https://www.canva.com/design/DAELz9UUL1w/ENCn6ncNP6f9wZcjOCtqGg/view?utm_content=DAELz9UUL1w&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink	Get hash	malicious	Browse	8.8.8.8
	https://www.canva.com/design/DAELt-U5xVY/fQ4QftqZ0usVjZkTIl4x_A/view?utm_content=DAELt-U5xVY&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink	Get hash	malicious	Browse	8.8.8.8
	https://www.canva.com/design/DAELr-nlDTA/fpcQmRUPlLkIPpseuy9fLg/view?utm_content=DAELr-nlDTA&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton	Get hash	malicious	Browse	8.8.8.8
	https://www.canva.com/design/DAELca4DyWs/6xEIsOMGySuzh6rwZV8Wig/view?utm_c_ontent_=DAELca4DyWs&utm_campaign	Get hash	malicious	Browse	8.8.8.8
	https://www.canva.com/design/DAELWQaP1NY/zqpFXBYJNmeOoq8jyC4Gug/view?utm_content=DAELWQaP1NY&utm_campaign	Get hash	malicious	Browse	8.8.8.8
	https://www.canva.com/design/DAELQco9rBg/3vxszb1fMq15ycrNfRXGig/view?utm_content=DAELQco9rBg&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton	Get hash	malicious	Browse	8.8.8.8
	https://www.canva.com/design/DAELJ7DCP0Y/qONQ3YUoBH2iMhW9GKr91A/watch?utm_content=DAELJ7DCP0Y&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink	Get hash	malicious	Browse	8.8.8.8
api.wavebrowserbase.com	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse	34.198.11.52
api.wavebrowser.co	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse	52.72.140.231

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AMAZON-02US	2B0CsHzr8o.exe	Get hash	malicious	Browse	52.15.160.167
	86e010b6_by_Libranalysis.dll	Get hash	malicious	Browse	143.204.203.74
	rgdBZ1256E.exe	Get hash	malicious	Browse	3.13.191.225
	vZvmgrCXam.exe	Get hash	malicious	Browse	3.22.15.135
	f37daf2f_by_Libranalysis.dll	Get hash	malicious	Browse	54.192.157.72
	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse	143.204.98.92
	4663d5c2_by_Libranalysis.dll	Get hash	malicious	Browse	143.204.203.74
	tgix.exe	Get hash	malicious	Browse	13.59.53.244
	xN1ZUKH5On.dll	Get hash	malicious	Browse	13.227.135.72
	Im3NrBmtom.dll	Get hash	malicious	Browse	13.227.135.72
	a4fed133_by_Libranalysis.dll	Get hash	malicious	Browse	13.225.27.73
	4474dd4c_by_Libranalysis.dll	Get hash	malicious	Browse	143.204.203.74
	43557e1330e200583d0d833b7e18d7e708a3c0c2c36fe.dll	Get hash	malicious	Browse	143.204.203.74
	cad3436d1b162c61aa1b67b0e7b5b7f76f20d0e3487c2.dll	Get hash	malicious	Browse	143.204.203.74
	hn80vhR3y1.exe	Get hash	malicious	Browse	143.204.209.2
	Documento.xlsx	Get hash	malicious	Browse	99.83.154.118
	xcAujDFUTJ.exe	Get hash	malicious	Browse	3.132.159.158
	OW75Vlaas8.dll	Get hash	malicious	Browse	143.204.203.74
	06ABA312B446BF01180D633C94686C5AB2D102D40156B.exe	Get hash	malicious	Browse	3.13.191.225
AMAZON-AESUS	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse	34.198.81.120
	ARtifac.exe	Get hash	malicious	Browse	52.44.148.105
	tgix.exe	Get hash	malicious	Browse	35.169.225.248
	JZ74.vbs	Get hash	malicious	Browse	54.91.196.22
	73e5cc2e_by_Libranalysis.docx	Get hash	malicious	Browse	54.83.52.76
	NEW ORDER.exe	Get hash	malicious	Browse	52.44.215.6
	c679be2f_by_Libranalysis.exe	Get hash	malicious	Browse	50.17.5.224
	K4ze1ZXV0W.exe	Get hash	malicious	Browse	54.243.154.178
	5LjNWb5aY9.exe	Get hash	malicious	Browse	54.160.172.209
	presentation.jar	Get hash	malicious	Browse	3.212.50.245
	presentation.jar	Get hash	malicious	Browse	34.202.206.65
	60b88477_by_Libranalysis.exe	Get hash	malicious	Browse	34.202.122.77
	mazx_3.exe	Get hash	malicious	Browse	23.21.48.44
	ACH Payment.html	Get hash	malicious	Browse	100.26.130.143
	REVISED ORDER.exe	Get hash	malicious	Browse	54.85.86.211
	e9777bb4_by_Libranalysis.exe	Get hash	malicious	Browse	54.237.120.40
	file.msg.exe	Get hash	malicious	Browse	54.174.78.117
	3029ed0d_by_Libranalysis.exe	Get hash	malicious	Browse	54.235.83.248
	fecd086e_by_Libranalysis.rtf	Get hash	malicious	Browse	54.83.52.76
	sa.exe	Get hash	malicious	Browse	3.81.223.53

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
b32309a26951912be7dba376398abc3b	V___oic______ePl_a_ybac___k for___ ___Bsakhitab______ ______Varde.htm	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	#U6807#U724c#U6e2f#U7ec8#U7aef.exe	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	ACH Payment.html	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	#U260e#Ufe0f PAudioMessage_8211-911.htm	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	1.unMineable Miner 1.0.1-beta-packed.exe	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	test.html	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	PaymentAdvice - Copy.htm	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	INVOICE & STATEMENTS -COPY.htm	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	DGNTL04052021.2-8864.html	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	Notes Received gcgaming.com.html	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	Tree Top.html	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	efax637637637.htm	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	afafd.htm	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	FedEx Shipment Address Update Form2021.html	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	sean.adair@redwirespace.com1__redwirespace.com.htm	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	FAXQKJEZPA42S.htm	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	Monday, April 19th, 2021, 20210419034211.37352E088CBDC09B@classactsautobody.com.htm	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	042021.htm	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
	Maersk_BL Draft_copy_Shipping_documents.html	Get hash	malicious	Browse	52.72.140.231 23.23.34.82 34.198.11.52 151.101.2.109 34.198.81.120
37f463bf4616ecd445d4a1937da06e19	67145aa4_by_Libranalysis.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	L1OfZGmTdY.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	Vod0SIa1wA.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	sXSFx2Gnem.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	6siDw7cw8F.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	o7zs5i8Kj4.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	SecuriteInfo.com.VB.Trojan.Valyria.4579.10155.xlsm	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	SecuriteInfo.com.VB.Trojan.Valyria.4579.18506.xlsm	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	SecuriteInfo.com.VB.Trojan.Valyria.4579.23869.xlsm	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	ungUHhWbHw.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	HEVl9Kxwdw.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	nOOI8aeq4s.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	ZucMJsAXR1.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	4bedb663_by_Libranalysis.xlsb	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	b6uoa6j71F.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	Facture_Q715M47_8H42RGO74.pdf.js	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	Facture_Q715M47_8H42RGO74.pdf.js	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	ENCORE.docx	Get hash	malicious	Browse	52.72.140.231 143.204.209.86
	bot.exe	Get hash	malicious	Browse	52.72.140.231 143.204.209.86

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\setdf[1].exe	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Temp\nseBA51.tmp\System.dll	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Temp\nseBA51.tmp\inetc.dll	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Temp\nseBA51.tmp\nsDialogs.dll	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\setdf[1].exe Download File
Process:	C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	downloaded
Size (bytes):	69288
Entropy (8bit):	5.751964459175197
Encrypted:	false
SSDEEP:	768:PajGavNHz6SkeWWHzkt7E4BIyryrqXXS2MgTd0ItBaJDGhh8p9E+8iRO2e:PFaJz6OWWHzSw4TyrGMgvauh8Q+8iA2e
MD5:	6573AEE829B967E22C3B984DF199250B
SHA1:	2885B81D07E52696B9651156C839B2F18D0671AC
SHA-256:	CE61C53616BC3281873E887BCB6A21369BEE51CFFD4E4CEF8F8C13CF24110C60
SHA-512:	04AFE2C562D5C0A99565C4791F4B1316340E6BCAF38D6AFA94B11C9C856934C930CAE990A20E9BDF79E8A4004E303FD30D6F35735361E9CF666CDBA59FE9D195
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 8%, Browse Antivirus: ReversingLabs, Detection: 3%
Joe Sandbox View:	Filename: Wave Browser_cg5vc6cx_.exe, Detection: malicious, Browse
IE Cache URL:	https://cdn.wavebrowserbase.com/tools/setdf.exe
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........................<...................P....@..........................@................ .........................................0................ ..........................................................................................text...T:.......<..................`.P`.data...0....P.......@..............@.0..rdata.......`.......B..............@.`@.bss.........p........................`..idata...............R..............@.0..CRT....4............^..............@.0..tls.... ............`..............@.0..rsrc...0............b..............@.0.................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\chr_install_started[1].json Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	ASCII text, with no line terminators
Category:	modified
Size (bytes):	47
Entropy (8bit):	4.724385660004152
Encrypted:	false
SSDEEP:	3:YWQRAW6pcGBHfBgPpeDV+4:YWQmDcGx5gPMg4
MD5:	92CB62CE3DA0493FA33B171667EE6A4F
SHA1:	D1B550EB0CEF81449E197483A2E3222034FD3858
SHA-256:	A6831DE5E94E75ECA826D9CA56D22490E89E563A13092EDF7E80F041255885A8
SHA-512:	4DFB6C8961D995D2E24250224528684F0F095CAB3B651C97C5304C86AB3A79200A13F583FB3ABA4964EBD68632C149D332E3F8E6C07B21BD11D7392845ED6F06
Malicious:	false
Preview:	{"success":true,"groupId":"DWVGIAZkizGEqShMMQ"}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\i[1].json Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	48
Entropy (8bit):	4.756328385912464
Encrypted:	false
SSDEEP:	3:YWQRAW6pcGBHfIH91bDY:YWQmDcGxe1PY
MD5:	BE68A241A91FAA127B90AE5CFCE4B386
SHA1:	3FE97ABB70E3F8A18B491E723EB5DD8C138C3E28
SHA-256:	E99BA2B2C0C366D3EA74AF6E1127D53216B2BB15211781C920B869CD833DD7B6
SHA-512:	581BAC15E0B20614912F564C9B20FA5D91924D38052975854D037A9BEF582A9584F4B45F126AD42571963CF8293B014F4DF4935B19CE188958C15BA7F65F7E1C
Malicious:	false
Preview:	{"success":true,"groupId":"MCUDNvyEKfpQLDpmxRA"}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\i[2].json Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.4690665110679815
Encrypted:	false
SSDEEP:	3:YWQRAW6pcGBHfxPNf3qx:YWQmDcGxJPNf3qx
MD5:	6DA311454F3A0558801934617BFFFBBE
SHA1:	B9C1B7FFFD76619C656D9B5EE699548207EA0765
SHA-256:	E086BA050D25924D2BA5116923B1B2370BADAEFE3913EDCD7201F3866CE22084
SHA-512:	6F933D2465D81F89FF1E4C1D2F2F2332E6AFA11DCE1667090BA57BAD2932EB5CA8CECBBDEA62AC48FB2A28D85440AAAAAC60D4B17163AABBAED2CD26E4555905
Malicious:	false
Preview:	{"success":true,"groupId":"tKhcsHkyaoMzpMQOdQ"}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\user[1].json Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	689
Entropy (8bit):	5.125614254588484
Encrypted:	false
SSDEEP:	12:YW5KNoDgxF4zRiCHXo+i6PUyxJMviF9AIL+pthk2tUzcRPhrGZSJmEY:YEooDNVY+bx6Y9VWptvbrkS5Y
MD5:	7C421E2CD3FA7F519E8E94B93AB133B2
SHA1:	1F1BB543722A4BDB2339A669E4E088D82FA6F63D
SHA-256:	75B3EF948D212E7AE384A3D1A2FBA9E2DC961E3D980339C02F1F3352656695DD
SHA-512:	46383D8B06798A8977F77A9A99E6BE5FE14B359F0531E55B0B4AE17AB391E4130014D79AE29D5B42F34547DB858292F6351A2008AEF45C3F3460986776A3019F
Malicious:	false
Preview:	{"stub":1,"ConversionPixelThrottle":100,"Installed":false,"ntp":"www.mywavehome.net","uc":"20210508","dfn":"Wave Browser","domain":"wavebrowser.co","re_url":"http://","source":"-lp0-bb6-brwsr","user_id":"ff016ddb-5584-4b46-b38e-499f2baf1385","useragent":"BRWSR-GENERIC","adprovider":"appfocus1","implementation_id":"wav","keyword":null,"Branding":"wav","Vertical":"","IpAddress":"50.234.242.107","CampaignId":null,"HasOffersId":null,"AwConversionId":null,"AwAccountNumber":null,"ConversionValue":2.5,"GoogleAnalyticsId":null,"HasOffersTransactionId":null,"ShouldFirePixel":false,"GoogleClickId":null,"seUrl":"https://search.yahoo.com/search?p={searchTerms}","tsj":null,"StubStarted":false}

C:\Users\user\AppData\Local\Temp\285f23e8-7e7c-4d04-abcf-3d787156fcc8.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Category:	modified
Size (bytes):	454313
Entropy (8bit):	7.976133773699999
Encrypted:	false
SSDEEP:	12288:/6BaZighEYF+CfxezNlMRtodL89OHuipLnq1VhFc0x:C+iULF+Cx+ModA9OR70X
MD5:	3EEAEBFF161B504A84D444E59C96A56A
SHA1:	3189DF17422538A4E89AB01A3D2DCB08DA087B47
SHA-256:	4ADEBC54EFD188D043F7447E6BED92D115225A9B3E8C13C62618B7A4D9085ED2
SHA-512:	7720B8E1F83D855C846325FDA4A90C094A5419670534D886D50BF549DADC89E6086F86C5320D5A8286CF8204A54F509977FA4B0179FEE466E29A4CDE632A78C4
Malicious:	false
Preview:	...........Zmw.6..+4.+.+...d...h..........Q.."T.......>..J.ss..,..`f0....7I6W....K.%.u..Yh....7<..wG..w..a...w&.vm....w..)4.n.?U..C6a..5e..u..=z.]I.9Y....Osr...c.....-rM.]Z._...\O"...I2'...Av]...9;c.`.^. H.F. `..M..d4.%^t...?....VB.J(.s.]G77......z.[p.0d..g.....x....?....0..;.<..W+._.\..0..4..{.." .;l.L.......\|.&..Z...p...d..}-`.(.......:v[.....%..uY../.d..t~E>..U..A..Oe.0.D..%.Cos.`.n.....`f....$7..[=...C-..?.r)3.3.FP'.u...../?.....$..7;...P-W.4..H.E..Pg..P.EX8Kq.,..HM.jg%.....".r..F.X....6.v..n...y.%............K.....#]Fl...'{\...8.3.E.5....H..,8F.m.Pe+.'$.,f.J.q.N.d.@..8N.s.M.?..E..O.}#s.F.^...rv....v.4!IN.n...d..q..].q....$`.?....._H..6...........gE.z....F.L..QQ...,.El.;..R.e..7>.........M.,...Y.K......&..?.8sX.D.5....qm.`.'.)....+...;..@.c.9pKi.....Re&v6R.:m#=..*......\....T.=..U.t.....F ..y.k..b.e...G....x...Zb...3....E.....@...M.\|.0.lc...9[...U...9}]...V..U...e.2.4}..6....4.......b.bcV....f.o.}....F..9.......&..Of

C:\Users\user\AppData\Local\Temp\2d540507-0df2-4be5-9069-b881ccec6b42.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\3124_1281437563\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9576854161328243
Encrypted:	false
SSDEEP:	3:ScRrBaRedDdIzDGQxv:ScNBagBIvF
MD5:	46B4014DA96A0628F0D425B50042B733
SHA1:	B962A57BA789A1C0209DBF6E3895CC53474B3694
SHA-256:	FC1ACFE754E1CD5F0DDA24501817D4E903848DB3F00173040C199C0A3AEC3012
SHA-512:	6A6274C50A87898647B5EAFE1AEEEB4385E4A6852A6831C1401D56D24333FEC89BC4221D760A3DFFC707C741AB92CBD0144492B097A61ECD961EF32948B3FC86
Malicious:	false
Preview:	1.932274d0ca4e72069f100eb38780d61068f814cda93fcc5b9f7f437b09501859

C:\Users\user\AppData\Local\Temp\3124_1822817589\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.8373939835995237
Encrypted:	false
SSDEEP:	3:SRIhS+U0qVQBTdFOn92KeHKvS:S+3iUTdF+fecS
MD5:	5BEB41D83DCF7FC38E9BDE758E373F3C
SHA1:	E0A0ECAF9388DA64428E951F84F4A00A4ADE9AF6
SHA-256:	06272F1CB492E4F5FEEE5BB621F20350938B3F6B7BD1F7EDCB81B853AA4EFBCC
SHA-512:	1A3A0B32399321BE9657782B0271CFF2F926F7D53B25B5B6FBD233D409714A4462D20A3B181DCB894430AEE1EA986573C9730C3630899165FC1F329C8991BE99
Malicious:	false
Preview:	1.490d4b15658ba181a58305cc20a005d5c820f7fd55399c997299a9e1bb6c8597

C:\Users\user\AppData\Local\Temp\3124_1864179955\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9337846504774268
Encrypted:	false
SSDEEP:	3:SR6VSfS5hHXE2fUGHnDyZEon:SE5ienDyZEo
MD5:	AABA0CA80A4E0A9430CB364BAF2D7359
SHA1:	B79DCAFB3EFB0566CD7A5B3A2C128FE5DF933C0A
SHA-256:	A6AC0B6539B193CB04A4AD7C2B8FEDDCB16F664662FB5904B8EF45D369F81BE3
SHA-512:	D0E103DEE0BF2DDE816F87168B8AF7C4BE2C2A049C4EA5CB8B2FA035E0A091A28A13D758BAE8CF4A7327D7103387C1548B308C328C84ABFD9062EA502EFEA75F
Malicious:	false
Preview:	1.478aa915e78878e332a0b4bb4d2a6fb67ff1c7f7b62fe906f47095ba5ae112d0

C:\Users\user\AppData\Local\Temp\3124_281591937\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9570514164363635
Encrypted:	false
SSDEEP:	3:SVCBGERJd9WaHpYx4eiXoA:SVCwERJdVMiXd
MD5:	C6ABF42CB5AF869629971C2E42A87FD5
SHA1:	6EB0FAE28D9466E76FA12E31FE6CDADD3ACCE4D1
SHA-256:	D281AFDA759075F4CB7D7CEEC4A3CB2AF135213B4D691F27090E13F238486AD1
SHA-512:	EDDF7E4883E82718743C589E8F2E48BEAD948428E730231FEFADAD380853343332BC56C9DC61C963B3F537CD4865B06FF330CEF012B152CEA35F8A0AA2C7B56D
Malicious:	false
Preview:	1.fd515ec0dc30d25a09641b8b83729234bc50f4511e35ce17d24fd996252eaace

C:\Users\user\AppData\Local\Temp\3124_289367033\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.893948431036658
Encrypted:	false
SSDEEP:	3:SVbHhID/aE7RR8JIKLEXxXTQ9gG:SDI77q9wJygG
MD5:	0B46A559724C0403EF7FB286B713EC99
SHA1:	D7EBD7D59199305F13474C8E0E18DA72E6373148
SHA-256:	B71EC26B0F0FE87A91C47A91B6AFB5C2729478C83337D141FC136C9C02CC6B7D
SHA-512:	5E7F535A3A62EFFB329A94FDE728DAC38A5D26B91B6E225F33716970CD06CAAF00A6D90E967793A570776F0EB60F0C221A683F45E778C87ABE647CD1E35B1A43
Malicious:	false
Preview:	1.0727b38159b38ffa3633510444ece15c86417962e8cac59c59002f13b50239ac

C:\Users\user\AppData\Local\Temp\3124_379039305\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9477608398895883
Encrypted:	false
SSDEEP:	3:SR8nWBwyiZ4cTcBHXEW03FHxOdP9:SKWBwygRTcB3ErFEdP9
MD5:	6621C9C22B00C50DCB2D63A04D0265A8
SHA1:	4453A50F458E6875296FDD2FF291895F0A5CFB58
SHA-256:	C1667EA4E14E6B62AB185C030302F7A3CD097E7D56E9485742BF08F4F705D497
SHA-512:	AEA5BB0287ECB8534FB3AFC6AC105F2920C6CAC09A58CECC9FF577F447354841E3E9111898FDC76827BF194A29A3F5B5892A16F2607FAA536156F75020F5F3FC
Malicious:	false
Preview:	1.413bba9333d187fb7dd62ad4c3600796acaf8b2e5dc1a3980e755b9e128833a1

C:\Users\user\AppData\Local\Temp\3124_528200686\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.947760839889588
Encrypted:	false
SSDEEP:	3:StAFP8Udw8QAlB9DNVDWfmcTW:StUkErnNIvW
MD5:	45E817C30EDB982C5B69E74F9CD504B9
SHA1:	554985AAC4C36B0CFC23067E747AE0B025EC7841
SHA-256:	62E9273140969E21CC9FA465142A750A0B65B4CAB60133A9AA38083B2F096451
SHA-512:	D7BD29B01172850D7AE176325B0C1542637AF2427E588AB26931EE9AA9EB7B29E536EC60B624A5114F03F9BF67F6F067CF3B9477417AB96835199CF10CDE17E0
Malicious:	false
Preview:	1.bbaae325b795d8fb18438c99e95ed57245f505cfd524b708bd663880c244d963

C:\Users\user\AppData\Local\Temp\3124_630256060\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9669759926795995
Encrypted:	false
SSDEEP:	3:SfvHUTa8URTTH/BXDj6:SXD3TfB36
MD5:	E3EDA33A5C956F4FC9C5BBD91FF10252
SHA1:	182B989E299A3EC306622A9DD45C3B74A4DF6077
SHA-256:	6D7A462B703F1617286B65BFE0116F267328BEFC379812BCE774D8C640289647
SHA-512:	A49FF4979FEC3512C44899840CCF8D112806330C93812C515F09953B9B6DBA6B1DAB1828382D634235CF23E093C983AEFA860B7A75FDCB5F3F98DD928D4F47D7
Malicious:	false
Preview:	1.d730fdd6875bfda19ae43c639e89fe6c24e48b53ec4f466b1d7de2001f97e03c

C:\Users\user\AppData\Local\Temp\3124_652553750\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.804943840416549
Encrypted:	false
SSDEEP:	3:SSlSf7WEinx/JXVId3VxU:SSl9hFgjU
MD5:	55B444FDDE72163407F4D74649A3B408
SHA1:	3F6E5860634A9046C7BB5551DDFAF20D9DCB3860
SHA-256:	EDB55F2F05A6F02AB2BF5C78AA4F261155A514D8D178C0B7E698F589F4381349
SHA-512:	6A0EF980142D02EB92996CE37FA7749ACC4752674453D10A6D69BE9B96FFF4F3F4FA5DAAC2641D49AC9E40521DE02479D71BB7C11CDFC3D2844C8E206E380E48
Malicious:	false
Preview:	1.70497f45af368f6d591eb9b93a097b7b56821b0770ee00f04b2f5901487a0421

C:\Users\user\AppData\Local\Temp\3124_696802910\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.89429824295036
Encrypted:	false
SSDEEP:	3:SRwGXyUtz24TSXhV6DDt5WBG9EBn:SGGXyA5kDoDt5WwaBn
MD5:	7FB6C0307DFC7235990A87216D6EFE79
SHA1:	9C86024DE6EE647227E73C5905468DB9C31D8447
SHA-256:	F01B98701AE70087F82AAC256AB3ECFB736F4865B7DF915051C7D5B1C51BA78E
SHA-512:	AC7106F2503DB666C4B3A382587C9DAE424CC5692D75E555D1F6BC0E4F4B3A360B82C1C356D06E4F607EA40206699191F5F206979E67B9614F1DE2073D5B0E40
Malicious:	false
Preview:	1.4dcc255c0d82123c9c4251bb453165672ea0458f0379f3a7a534dc2a666d7c6d

C:\Users\user\AppData\Local\Temp\3124_949570790\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.866533712632772
Encrypted:	false
SSDEEP:	3:SpUCQEd2dq8ebEJW2GnnHR:SXQ5Y88EJeR
MD5:	423CB83A2A3B602B0AA82B51B3DA2869
SHA1:	58BC924AF90A89CE87807919F228FE6C915AD854
SHA-256:	0047059C732D70AF8C2F407089237F745838A0FE4F75710ABF1E669B81243E9C
SHA-512:	F80E9B5D544894A667F74CFD0A4D784311299DB080CA6793AABD93B95CF1E2870F74AD38A6386D862580220047F828457240577335C565B7F38B0C6677811660
Malicious:	false
Preview:	1.ffd1d2d75a8183b0a1081bd03a7ce1d140fded7a9fb52cf3ae864cd4d408ceb4

C:\Users\user\AppData\Local\Temp\3124_974187129\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.8930693175496365
Encrypted:	false
SSDEEP:	3:SUnVaQhScJ1ZQAQcISUaHt/QdTgdL:SUV4cJ1ZVQcISUu/gcL
MD5:	F59ECC2CE0B171DEF3F23762AB413CC0
SHA1:	9A6FC649656C9E109C29092B826BF95A786B7171
SHA-256:	AD708E42FDCD11998DDBBBA651EBE1F7B520168A2DD8EACE1DDE49AAB954FF32
SHA-512:	60CA66134171A1F990762561EDA12D6BB1693D699D2FEF2B0C705C7A9B26105E19BCE341914AB07E63CEAACEC6E2B5ABF5BC1BAE75837DD40C66B650BB3F3B2C
Malicious:	false
Preview:	1.1f2c1b01f5f8279f0b0acd2ee595877a0e3011fb0b50aa49a3873836cdb008c9

C:\Users\user\AppData\Local\Temp\3124_996831261\manifest.fingerprint Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9174578095865584
Encrypted:	false
SSDEEP:	3:SQWAh5QEE2aEEQYVBKLEGinzdERp:SQWAhrDBCbdM
MD5:	FF12BCFF02F0D46EBF1498C6BE7E1D77
SHA1:	B118A42DA474D6EBEA1E16FD5CD3824DA09E639B
SHA-256:	ABCD9E5CCBA18A104FC770A4E45EB68AC1D3964EDB956C02FD9F4CB12CC299FD
SHA-512:	7BBE7DD951875541395F750184B19354DEB45B4CBC06B0082CA6EE0F2B9A3A15939C47C731C70A57F5AF686F5DC92F80E7F8FB1A6BD238558FEB348DF3104499
Malicious:	false
Preview:	1.52c269034aa55a52db458483ff6bc68c526a0d2fc6bac9693024eeba4d79d33f

C:\Users\user\AppData\Local\Temp\3149987b-30cb-4bf0-97da-71a95ee5e048.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\af85ff68-db96-4195-b531-f1a4aee5bead.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	227
Entropy (8bit):	4.880952533617069
Encrypted:	false
SSDEEP:	6:T0PavoiwA0Pavoi3M0PavoieE0PavoiA0Pavoiv:gygi8ygi3Hygiefygi7ygiv
MD5:	E7366497401E2D965B5AAB7A7C0935D6
SHA1:	C164A23F5678165415822F774676FE80DE4D91BD
SHA-256:	12D5C5A84DFB56D04B3D0278F21D04EE0ECB68612437FE0BCD9434F56B4B72D6
SHA-512:	BCF247E27FC179429BC3ECACB8EB477082DAA841C588F8299FDFC00EAE30C2017DCD1164E2E845E5F6AFB9D15C75915BDC3754D00CBEA305CE47A218AF557B89
Malicious:	false
Preview:	.htm, WaveHTMLDoc.6YKVKEYYAC6CXQJSYCCSEWJ2MU..html, WaveHTMLDoc.6YKVKEYYAC6CXQJSYCCSEWJ2MU.http, WaveHTMLDoc.6YKVKEYYAC6CXQJSYCCSEWJ2MU.https, WaveHTMLDoc.6YKVKEYYAC6CXQJSYCCSEWJ2MU..pdf, WaveHTMLDoc.6YKVKEYYAC6CXQJSYCCSEWJ2MU.

C:\Users\user\AppData\Local\Temp\c6c0d1bd-1fd0-47af-8ba7-e51a4c50b20d.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Category:	modified
Size (bytes):	28591
Entropy (8bit):	7.990723999928585
Encrypted:	true
SSDEEP:	384:SU7ZPeF1oMYG5wy59NjS5IFuJTyR5NYgJ0CDkATCVl2QmeJ6FfL3JgUrqaO/8dOO:H7peFeCRZSahf74QQefLZLj
MD5:	5AFE659942D1DC7F10AF0ECFF8CB76EC
SHA1:	83690338C85EFB018F0B9F19C89A6729C7B157EE
SHA-256:	49C0778129C36248B346E4E52C25BD0A282A7FC52CA9A05AAA6AB8E0FA77431C
SHA-512:	99D47196F066637E7D5623FF8C165C5474D85D3FB6A143B05539766A46AF1B43D9D46CCB24D89DA6B831E5F2F6C44F20BD08F6D4A159EBB20355985EA8B92FAE
Malicious:	false
Preview:	...........Zms.6..._..p..[.(.b[...M....N{..t ...S.......v...H.q.g:....]...p..6I8_d...C.\p.X$.2.p.g.8I}8.".D)$<..O...}.J9.3..a.i.'...x.....5O...x......I.M.!.'\.l.2.0.cN.fq....\......7..,......>.p...w&.KS.......(O.V>......O.r..V~J.`....U(..Y..MIy..w..g0e......D.,L..y..N.+..._....O.h.]...V....r................O.\|.:....Li..>COy......N.h.......R....Q%.,Xr.y...G8=.A....!8(..L....c....sA....t.Vl:...v...G;...^.l...#.t.>...k..d..kr...B......Pb.0..!..;9.....:~....j;....j.O..!B......?....^.]....;...[.g.B...%..'.7;.9.>..gP. p8...:.5l.Y.....Jp..R,.?..b..8O......h.X(..G.).Cz.C..%....x.ET.....AEi.../..0.. ....k.t...wl..e...H.i.F.....?.....z...?..........(../.O..R.?.4..7...j ..Q.....l..ob!..A..j...@..!).....K...MW.U.N.......W..Bh'8.'.y....Y.[o...PI..W....i...r.e..=.k^.WC..Uy.j..687^.z.#u5.4O...........-j.j3..L.1..F...8.......@l.9.c.aGC.R.&..j.Q-av?...[4.E..T8....u..+9.<.n.Qw.D..N..S..3.D...... .%C.j.7.Y.s(.0wq.ZI.#''#..[K.GJ ....4.....?

C:\Users\user\AppData\Local\Temp\e8d39b62-cba3-48c4-97e0-c72ffd93b462.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\nseBA51.tmp\Info.rtf Download File
Process:	C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	3920
Entropy (8bit):	4.630636970300866
Encrypted:	false
SSDEEP:	96:MoVfRv9QtgFf6anEOOiKibEZO7wsn7cLtxy:nVZvKgFyrO6O7PnMxy
MD5:	A1CF3C484B3F7405E340C0070DB49CCC
SHA1:	9FAF5AA96023A9491CBDADAA97E23267425BE8DD
SHA-256:	043B85DF53C2CACA294621A20F9550386FBB6CBE8967DFB034135E086ACBDA7E
SHA-512:	0557B2CF9B7C3A986017F05A151E0408D9AAAAD7556BB1670D551B978744276F598CB8AABA0776B32AE8B987C70C28565AE41EA1D76BF377BDEBE34AB81DF56E
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033\deflangfe1033{\fonttbl{\f0\froman\fprq2\fcharset0 Times New Roman;}}..{\colortbl ;\red0\green0\blue255;}..{\\generator Riched20 10.0.19041}{\\mmathPr\mdispDef1\mwrapIndent1440 }\viewkind4\uc1 ..\pard\sa200\sl276\slmult1\kerning1\f0\fs22 Easily transition from your current default browser by importing all of your existing settings. This can be opted out of from this installer screen if you prefer a fresh installation.\par..You acknowledge that Wave Browser offers multiple features that utilize the extension platform. These features are standard when the browser is installed and cannot be removed. More information about these features can be found here. {{\field{\*\fldinst{HYPERLINK https://wavebrowser.co/about/ }}{\fldrslt{https://wavebrowser.co/about/\ul0\cf0}}}}\f0\fs22.\line..\line \bullet The HTTPS Checker informs you that a website is insecure and a potential threat, giving you the option to navigate away from the website. \l

C:\Users\user\AppData\Local\Temp\nseBA51.tmp\System.dll Download File
Process:	C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	20136
Entropy (8bit):	6.83048757121425
Encrypted:	false
SSDEEP:	384:n7Vxr8IgLgi3sVc4uNGwDGPApGhGAp9E+88ZpHOoR:hxr8bL3pDGPAGp9E+8iROA
MD5:	69759B664D6283A5CDC8E492D2C95527
SHA1:	353BCCD6307381744B23248D733F0FA5A0B63C96
SHA-256:	388F5F6D0C17BAA0731A917FEE54849075CB03B33E3933A02607A87394C885A3
SHA-512:	778DF039F7F32984FB09616D1ECE429773A4A3693CFD21B2F2D6F20755C8C33DC2084FD4649B425825576605F034B986E16BFA61A215971599C9180FCF0C392E
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Wave Browser_cg5vc6cx_.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir.-.D.-.D.-.D...J..D.-.E.>.D......D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L....~.\...........!..... ...........(.......0...............................`......@.....@..........................2.......0..P........................ ...P.......................................................0..X............................text...O........ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..\|....P.....................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nseBA51.tmp\inetc.dll Download File
Process:	C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	44712
Entropy (8bit):	5.594595277908697
Encrypted:	false
SSDEEP:	768:lFhctuggHZ7KQafLPvjZkDGGNp9E+8iROD:lFagggHFnajjZWNQ+8iAD
MD5:	AD8CC9EC817A72A8B61E4299ED951006
SHA1:	B749622C7D065DA97D38B790E838C5352DFC25B6
SHA-256:	40F4A047DBB37A0EF287947AA3969ABB0E955E113A0637D57DD33C8CB92DEB10
SHA-512:	041B0748C517D94AC4043886DFE385E4AD77D5F4BCBB9FB00CDE98C204AC1EA96278A1F7AFB26028F048080CBF1E5428E981DCF2437FCBDF795A99E87333D792
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Wave Browser_cg5vc6cx_.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........&..H..H..H...I..H..I...H.}.M..H.}.L..H.}.H..H.}....H.}.J..H.Rich.H.........PE..L...3p._...........!.....R...x...............p......................................R.....@.........................0u......,...d.......`................ ......L....s..8...............................................,............................text...gQ.......R.................. ..`.rdata.......p.......V..............@..@.data...dI...........`..............@....idata...............j..............@..@.rsrc...`............v..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nseBA51.tmp\nsDialogs.dll Download File
Process:	C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18088
Entropy (8bit):	6.5769471310427665
Encrypted:	false
SSDEEP:	384:sZg7+lkpxZdpLHzNGwDGrZGhGAp9E+88ZpHOGBb:N+lkp3DHRDGr2p9E+8iRO6
MD5:	22380A966677B56939B0B53250BDCAD0
SHA1:	8C45A0E779220670E7E338930BC27F32F5908F4F
SHA-256:	7B8FF30894A277616D34A1036521D213449F0D73945F89C99CF866143AB45AA8
SHA-512:	B8C184CF342DB193A43D891D99D68E56FF95FA05529F8664987C81E4EF517B25DFE005EE94CB8E9045CE0D09B4E6EB4627C335EF0D5BB6D810BB6B6DDDC24771
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Wave Browser_cg5vc6cx_.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\|..c8O`08O`08O`08Oa0.O`0.@=05O`0llP0=O`0.If09O`0.od09O`0Rich8O`0........PE..L....~.\...........!......... ......Y........0............................................@..........................6..k....0.......`...............&... ...p.......................................................0...............................text............................... ..`.rdata..{....0......................@..@.data........@......................@....rsrc........`....... ..............@..@.reloc..t....p......."..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nseBA51.tmp\nsResize.dll Download File
Process:	C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
Category:	dropped
Size (bytes):	12968
Entropy (8bit):	6.9803290333669095
Encrypted:	false
SSDEEP:	384:er05zOHAA1xZNGwDGuI6GhGAp9E+88ZpHO9w:zOHAA1xrDGxZp9E+8iROO
MD5:	F1577DDC4395D78EEE5BC6C0469735BA
SHA1:	450B40F748FE527CC1A8822C09907804B2D2A8F6
SHA-256:	FFFB1F5C017079A20DA15057BB9FC4CC91839B4A05A9C928F63C6800E9816F4A
SHA-512:	C02503918A4D70B8D45D6C02023F8A1BA96E402F10F7B5A5518B68B76E8960F8F80FBF3326049070E87D67689C4BE821F53E596BAE125B5ACAA95B484D0B9191
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(uY.F&Y.F&Y.F&Y.G&V.F&...&\.F&..v&X.F&.p.&X.F&.p.&X.F&.p.&X.F&.p.&X.F&RichY.F&........................PE..L....iQ...........!.............`..pu...p...........................................B....@.........................,.......`...........`................ .........................................................................................UPX0.....`..............................UPX1.........p......................@....rsrc...............................@......................................................................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....

C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe Download File
Process:	C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	69288
Entropy (8bit):	5.751964459175197
Encrypted:	false
SSDEEP:	768:PajGavNHz6SkeWWHzkt7E4BIyryrqXXS2MgTd0ItBaJDGhh8p9E+8iRO2e:PFaJz6OWWHzSw4TyrGMgvauh8Q+8iA2e
MD5:	6573AEE829B967E22C3B984DF199250B
SHA1:	2885B81D07E52696B9651156C839B2F18D0671AC
SHA-256:	CE61C53616BC3281873E887BCB6A21369BEE51CFFD4E4CEF8F8C13CF24110C60
SHA-512:	04AFE2C562D5C0A99565C4791F4B1316340E6BCAF38D6AFA94B11C9C856934C930CAE990A20E9BDF79E8A4004E303FD30D6F35735361E9CF666CDBA59FE9D195
Malicious:	true
Antivirus:	Antivirus: Metadefender, Detection: 8%, Browse Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........................<...................P....@..........................@................ .........................................0................ ..........................................................................................text...T:.......<..................`.P`.data...0....P.......@..............@.0..rdata.......`.......B..............@.`@.bss.........p........................`..idata...............R..............@.0..CRT....4............^..............@.0..tls.... ............`..............@.0..rsrc...0............b..............@.0.................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe Download File
Process:	C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2928728
Entropy (8bit):	6.51338319542666
Encrypted:	false
SSDEEP:	49152:8nKzAq2/iBnD/tMA9XoAKrXmRT7vQAhVbt4ySEaCUDS83z+oydgdT0aB:8KUE1MAPpLhEl+oyHu
MD5:	C0364BBC1A78CE97482F4A0B0DDBAD08
SHA1:	544C51ABD209A91E72BB4E61660A457209C1EC70
SHA-256:	2212C7EE6FA09FB13664E2D3A511184B13D45D2C40CBA3B3881AE83CEEADF398
SHA-512:	CE9D4AA8EA9A07E3E0343AAC78849B5331DFA7468AB34C3B886B57FE74299A7BB5398EDC43042EA3693E6C28E1689EC5681510A97F0AF5486A6C2C066F2297BA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....iE`.........."................. ..........@..............................-.....S.-...`..........................................m&.R....n&.h.....).p....@(.......,.X....p-..%...Q&.....................0P&.(...P.$.0...........p{&.....(m&.@....................text............................... ..`.rdata...h.......j..................@..@.data........p'..B...^'.............@....pdata.......@(.......'.............@..@.00cfg..(....0).......(.............@..@.gehcont<....@).......(.............@..@.retplne$....P).......(..................tls....1....`).......(.............@...CPADinfo8....p).......(.............@..._RDATA........).......(.............@..@.rsrc...p.....).......(.............@..@.reloc...%...p-..&...n,.............@..B........................................................................................................................................

C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z Download File
Process:	C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe
File Type:	7-zip archive data, version 0.4
Category:	dropped
Size (bytes):	63210152
Entropy (8bit):	7.999997108676812
Encrypted:	true
SSDEEP:	1572864:SrM2qXwA5wzqXdOJ/zRAVAwef8XkJ8eHPKUsU:SuXwA5RdcraVbX7Ev
MD5:	E852C876CCC96F2C713AD57DC891FB2A
SHA1:	0F3D0DD39FD74DA35A9838A590304976D009FDDB
SHA-256:	99F2CFCDA23F8177FDB728896FDF6F20015A10620B3F7B1A76F11EA5E78EF254
SHA-512:	62F0D76BC2518DB803DD1B4A08287101CF03594DAC204688C7D1A2660EF47CE01EC83964532A14EA9551C28198A5C2B382C29B83C43B725B1A496BE2D375249E
Malicious:	false
Preview:	7z..'...w..................).{......8%D..]..`...`....U-...S[.y0../..s...:$.)....w.V.d.\|4Z....^{..=G...z.....#..........Sj...U..c...t..t....<.$tq..aE;...(..5......J...,....19m..g\|M..&.kBg.OA.......vi..C..{.(....F.;><U1....YMk..r..{;2.._...a..N.V...N...0{R....U#.'..C^..F....l..h;.mFm...vz...(...'r...8\..'`/...=!.-........<g.O...qT`..iS...U...q..Zap....c>..i?BrM.!..f.x}...Q.2. ......q....q......K..;.Q...~...8.u:..)...Y.^..=tQ....Q..)..X.8. .Gg../.....Q.._..n..BO.A.<V;.t.iQ.o.....&....v...&..$....>...w....l..T.F>.....u.{..g."..e4..o..!.......6q.D3s.x.....f.f.....[...I.C.<.4.$;..J......k...D..M{.O4.._..VD.....Q...........$....`VL....V.Lg..2r6...[.>...L1^.MBu.../.K..R.f.8BsV..M..!..$..g..a.9....T...Q..V.,p.W._...Oz.3".u.R...WI......\|{...akS...lBve\\.+p.<.....I.SL.;Ji.LFp....V.:N_.a.e.....,K..G...<..O\.jY.R,R....d.......qH..yq}{?H...{...>.;..Q.....y_.'.-V.+.,..d...-..p<.....5..F.........}..=..$......o..O?6...x..<j.J.d...5....j.t...d...h...[.B..o.C

C:\Users\user\AppData\Local\Temp\scoped_dir3124_1413903802\CRX_INSTALL\img\wav\icon128.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10598
Entropy (8bit):	7.937320850462636
Encrypted:	false
SSDEEP:	192:3iFYFsIrBAcfJLMKpUtqc9DI6tHkSfHMMyX0KrYnLvXO2MrX0oeSx/vXuA:IYFsIV3BLMKaqcxI+lfByiTO2MT0DYvF
MD5:	D6A079AC7BC5FC7DDC4EC31929791213
SHA1:	B9C1D2B3754AF6AD75DAB4FCF47462A19FEF86E3
SHA-256:	6560EA1BF9A12742EDED10160BD6C009145C55C706645E623BCF9C016419C009
SHA-512:	A7D7B892C668CCFD6FB30B983AFDDEAA2213AF0075012101D781CB8D43928AD610F3CAA316BD6CBFE6A55B9BA2DC9213544CEE3517567746395FBEF96F0D0E86
Malicious:	false
Preview:	.PNG........IHDR..............>a... .IDATx..}y.]Gy...{.7u....N......ON8...0.Ild...cb2I.....0d;..$...d.L......1F.&,6.ma...Z......^^...o...}.u..~..e....u...~..W_..~&?.Bk}.....t.k.._....r..D.#.u..6....ZAk..w..`.fK..K)...8+.<..x.0..!.'&&.....Z.i..z.yM.A.[..j".r...X....V..Y)h..J......3e.....4..8.i>o..>).."..={j....s......p...A.....JJc.YCk....k.B...}..<.H..DT..tzt,...83.m?f...a\|...~v.^..e]....nu........_k.....T...jB.~......ja.=m. ....)<...9"..8.......J..O....ycK.u.....O^m........7\(.A....P...5{..f......]@...J.Bt.@......9jY.=R....C..X.W.....x.9...*.._[........D.`.....;.].....F..4....<..>.<}.j..W..$.......Y....3@....q]..m..7../v..........l.bYC..i..[...M...plH.4..@{h.....$..)`t.r..c.<L.aJ.S......A .....3.-..343\|..k..I..........1.<l...h....=P..t.(_h;..m..OOO............[n..0..a.+..aI...`....N.1.,Z....8.....m.....^6..#.C.q...n1X1X3.. ......D.0.....h......y.....j.;.O.m.O...t'y....\...m.....?YM}....s.-W.c~....N.....@......6.G}..x.a.C58..[. ..A.H..E.zr.

C:\Users\user\AppData\Local\Temp\scoped_dir3124_1413903802\CRX_INSTALL\img\wav\icon16.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	751
Entropy (8bit):	7.638010217040916
Encrypted:	false
SSDEEP:	12:6v/7NsDrF/CY695/HwQB98JArBKcJq4okabipfvgfhlzvuk9tnbLGtTMwIE+pgU8:1D4j95FBWmrtkipf4Hpn3GtTfug7
MD5:	661D7C67BE028B650BC5B894FEE1220C
SHA1:	05137E849D0F55F6920AD3D88390A1B2F306BB1F
SHA-256:	A149990239189F32E08BB19F1D2137B12D35EA4FA2CB20FD6FFCBBED3DA54E8E
SHA-512:	06DBDD8CBD80B7B00F76A02678A892F41A52C0397EC3F799A0EF4DABF9AD1103DDD032BDC852712CE1A37F38B1072C7112A3E710491C08D539D092779C84EBCC
Malicious:	false
Preview:	.PNG........IHDR................a....IDAT8...MhTW...s.{.L2NfBb...6.8AE.Z..,]Z.. QDEW.F...B.P.+-..T...B)FCE.iJ4A!..D.4.$........I.V)..o.....)./...a].g...........f./.....+j.'N.Ot....^n.:....{6G....5..+F./..?g2......s...k...Y.....$.@}...........^.(......l.Mm.:PH.w..Ah@C0.T!.`.....[......<....TJ....z.k..h."..fqc.T...7.l.....Rg.~...F....QR9..m)...)...wv..o.a'........b:.]4Oc.)$Mn..c.+P..... %.....K..e.......i..[I0...ab......e.._Ay.....\|.:[..%).P..k..-...._S(k....x.W.......z...c.....e..$.-t.p..X:..j"A.../..~..i.*..w>..."4.0T...U1Rn..R4.-./..\|V\|..?.....6....].3H#...O.S.-.......7\|?8t..[....C..7..i.v...Z.x.;f..q..ul.._8....RF....T..@\|..+.vB[ ."L.p../.v...Vx..=....}.?.[kZ.Z....p.+X............._.JTVG.....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir3124_1413903802\CRX_INSTALL\img\wav\icon16_disabled.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	760
Entropy (8bit):	7.608773467277035
Encrypted:	false
SSDEEP:	12:6v/7RX1TuTVybw2iVlH//kBAaUg7gmCipkl6vkPq0vFZAPIUuhA+A7N:GFPwhH3k+CFhg6kPLv/APIUuhA/7N
MD5:	A902B117D19F517DCCB378597FA1391C
SHA1:	F3A622E821DE2CFCE7ED9C478614B310D6EC3D36
SHA-256:	73C909C237815873EDDFE858509F38B978337EE2ED8ECAEE7DC002962F807D5B
SHA-512:	24C42DE5B1AAED3BF88C6DBB8AA0AA82CA483CF00F588C4EBAFA4E84C73C2F7BF128EC8A23146FF7F0FE3617DFE15345F0E0113F5C29C6BB9AB8B591E78232C5
Malicious:	false
Preview:	.PNG........IHDR................a....IDAT8.}..o[e........s.-...I/.R..E..T...R.X...X....g Tm#...n.RAEd"Y:......R..]...9...se.J..L..<?=..h......t.i..........f.;.q~\^^....^..#.2.....s......].]...\|.'.c.(.{.....[.R.v.R.....}...E.\|...M.`.8.I...00..\|>...vsnnnr_.j..z..C..&?m...V..R.!.q..i....8....6...,.......t.^>....z..z..@..$I.R...a...q..Oz~..0-........[.=F.1..r9.."RJ.4...<.0BJ.....(.......&)RI..p.#G..v{..CZ.Z.z=..(....)...v...a 5..48w.eN.}......z.4M.4.!.B.....A..+~o.9s....8..M.;D)E...v\L.DJ...A.GQto.Ry..w.7.../.&NR...M./.H)!.,.-.N.soaaas..H........R.mL.e...2S.0m..D......?..O.....%%..N.........i.a....:..<..j..@...u......z....!.D..a.<i<amu..Z.....>...K.\.e......-..`...[.\|.rWJ.6.......{E'w..j.K.,UVWWg.....j.....7....0.-..$.H....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir3124_1413903802\CRX_INSTALL\img\wav\icon48.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3081
Entropy (8bit):	7.923050047505034
Encrypted:	false
SSDEEP:	48:Zvs2swmf2lXwZqEhqrTcLbGN9HJW3blnUwV0a7K7nqxKHqbX4GcabfBnjygvZXMq:ZUFjf2lO5hq/ceN5+JN0BAo6BnRBXE7A
MD5:	31E36F83996AEDF1231FFE8CE78B2CA8
SHA1:	29DD444788D944FCCDA7C969D072B20330B9C44D
SHA-256:	B3800337F97F637E4B3596AA0B57EFA5F59148C47A0C570F45D0E5065C983962
SHA-512:	0401E96B3EE40517332A5B1601D7C605E24ADE1AE58E0980533DA0ADC4477C44A8EAB86335FA00B84D7AC0510216DE0AB68D925401A407C7C480B54F470144F1
Malicious:	false
Preview:	.PNG........IHDR...0...0.....W.......IDATh..i...y...9.r..<^0.@.C.L.i ...S......B[..V......R..U.J\| ..iD..V4-&....J1v.R..ol...d....{V.r.w9O?.;wv.x.\|.z.3..=.{..g?....!W..?}.5....k.._Jj...JyKR.m...5...S'Opqp.h.o....H...c.}OU..?.~.j..V......ma~.N._...O...R...%.T.....AG.).Y..8..H;.5H x...u.!........R,+......\|..<?x4.~{X..B5.H...m}.!l.%.."^..x).......A(..&.yL...].%.c.~V.~h.b...4M_9y.d..xh..B......0.l.l.p...<B.....9.}./..Ip..)N..s....[!..0.k.U......!C.rL.W..e.B..H.....B.....\..&..n....a._.An..M.&"I.jqLm.F...p.....qpe0.g.D......>.r.....I&.<...B....r.....b..:p.r..r..;rd..{..&....t...g...Tm.K..&kE.q.(Mp(PW.H..@2s.)D.R...e...R....q.%.......G...r.V..":..&.Q.T......+.e"`.S..T.-).....T<.."2.........W=u\|..A{..6..U.`]xk..@.Cns..*.\|j....x..].ve./.<8.e.{.vL..Q.$Y].X.!..T..;..o....^.T.\|...;v..8..T.....~d.X..o3......qU0.I.%...j......L.a.-1.........4.....7....._....~.....;.....jM.Cs......a.2JJ...}9...D..2l..ajc.=.w3i.{...CR.......%.LaX#kb+a..4.w..f...h......c.-...S....}.

C:\Users\user\AppData\Local\Temp\scoped_dir3124_1413903802\CRX_INSTALL\manifest.json Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	modified
Size (bytes):	984
Entropy (8bit):	4.490627444644874
Encrypted:	false
SSDEEP:	24:bClT2Hv1EM+Gx458l8Z7UVZZLHdLMOF3Wa2UQK:CCHdEMf88l8ZYrTWaR
MD5:	C6B6EAC0129964EE4EB2731324F5A277
SHA1:	4083AC6CB9AF08A6BE9993D0A633BF2EA92311A9
SHA-256:	C6124D23363FF18CC7ECE6ABFD359BDF3D8D3D44354D148FDD0A77DCB1F220CE
SHA-512:	F9EB4CA78DB8736DB05F49740FD07DD1FD68B34E0EE71B7FB64E9614D5E8E0E2F943E064CBC54808B249E3DE536B10AEC39D6D5BA23F5D0BDBAE0DB7E6EF6676
Malicious:	false
Preview:	{. "manifest_version": 2,. "name": "HTTPS Checker",. "short_name": "httpschecker",. "description": "Warn about insecure and malicious sites.",. "version": "1.0.2",. "icons": {. "16": "/img/wav/icon16.png",. "48": "/img/wav/icon48.png",. "128": "/img/wav/icon128.png". },. "permissions": [. "activeTab",. "webRequest",. "webRequestBlocking",. "http:///",. "https:///",. "storage",. "tabs",. "privacy",. "webNavigation",. "contextMenus",. "management",. "alarms",. "cookies",. "://.wavebrowser.co/". ],. "homepage_url": "https://www.wavebrowser.co/about/?ext=HTTPSChecker",. "browser_action": {. "default_title": "HTTPS Checker",. "default_icon": "/img/wav/icon16_disabled.png",. "default_popup": "panel.html". },. "background": {. "persistent": true,. "page": "background.html". }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir3124_1413903802\SecureSites_httpschecker_1.0.2.crx Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	355163
Entropy (8bit):	7.997491032817667
Encrypted:	true
SSDEEP:	6144:FEzKI/tosXkv9q2lWkWML2uzTc4WSYSA+saMG8ECKH+xG4lc4WSYSA+saMG8ECKJ:FkKIasSq2lWyrvYZ+saM1ExHQG2YZ+si
MD5:	79144E76D256877F406D856A6B08109B
SHA1:	B100EC0150E6428EC58EBC4BEFFFE9619FD6F26C
SHA-256:	4BE4E8D2D35DFDB9CCBCD58F9ED3EB99911F174934E8AF32799C2E4F1DD4833C
SHA-512:	BAF5A3D1358394501FD344CB0525515244A898521B98614F4DF397B06EC8E37A351D80BE9E74B36AC8325665016F26BBFA2BE9A1F922A858D6CA3D03AE4D688F
Malicious:	false
Preview:	Cr24....E.........0.."0....H.............0...........%..%f.<.f..K..+(....F.:.ET2....iwu....c..=.x...hr\H..^...a?..N..uK....Y...'...-...........h..._SI.~'..k..~..........KsAK,..t.H...'..-.x......I.....Ch....:Ci.0o...M.\..z.X.:g..x..S.G..J.J..2.V.p7.....5....So-N.\|m_.J>\|8v/.<a. k\.......[.52$...........9...75..`....i.G..K..r..7+.?....I...<.1v..#.+.S.g#."h....3...F.....S6.m_..8. AW.1..\..V.LOX..,.d/.veg.#...U``.b@..B.....>Q..2...(.V..8MKE.&2.kE.wB..8...`.~.F...Z:...x.+.....Y..0...D.X.t0..n.....+...M.1n6..A..6t..8....b..=..H''#.y.L .&L.T.eG.........y..Ng..\.^.0...PK.........mCR..............background.html-.... .E.\|..e..,}.....A..!..J...R/W.....p}\...../Aw.....B.......~rqL`'...W.?.+!.".:l......o.).....~.b.....d.0x#.x..j).R...._}.PK..........ER................img/..PK..........ER................lib/..PK.........}ER.-E.............manifest.jsonuRMk.0....>....!...h/...v..R.X..b.Uid....J^ocyS...{...a.+.h.....F....wniP....x..}...s...Q}..D....NX:.-.....

C:\Users\user\AppData\Local\Temp\scoped_dir3124_1569129693\BrowserSettings_EnhancedResultSettings_1.0.1.crx Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	334084
Entropy (8bit):	7.997581416034752
Encrypted:	true
SSDEEP:	6144:zvotosXkv9q2lWkWMCObM3FQ8c4WSYSA+saMG8ECKI/Wuc4WSYSA+saMG8ECKK:zPsSq2lWHjS4YZ+saM1ExqW6YZ+saM15
MD5:	1314B415FECFBA8423CFAB13B44AA18A
SHA1:	6C4007248BF294A2F641E1F49F41C85214CD2C95
SHA-256:	64033877865E289C44A071C6F12B18BAA475D62721415F8DC9073DD6BB6B023A
SHA-512:	FF8D6A0B836A0AE21B7D3644E137054F5DB7373EB3DF46C6FEA502A2398220249FDC0B273ED1EFC914A643B0490F08EDF40750AA3645517C959CB15DDA5D565F
Malicious:	false
Preview:	Cr24....E.........0.."0....H.............0............hEs...........)j$5..9.T.v3.A.l...W.,.p'.+.}.z.....r...:.v....D..6q......T....Z.5....3{m.b\|.....nh.p.,.]{t.p#a...@2.E........h...4a..'3....j.OF.....5.I.(V o..........]..-0...f!.......F.v...A....$..J.@.dT......Z...=.g.[.m.]...wJJ...<.W.7........3......u...}....L....u.d]......2..t.'..s.&...Hwi.^..@s...e-..+[......:.k..{../I.J....@3L.e...V1...&..9....e..._.qV.-{......i..l.....K.h...\.p}...f...J.d......QgJ.!.h.....S...LH\|......aHk6...r.@....G<.._....}.q<.QI.5.`;.;....Z%z..NARf...GG...k....../..'....%,..N.tPK.........mCR..............background.html-.... .E.\|..e..,}.....A..!..J...R/W.....p}\...../Aw.....B.......~rqL`'...W.?.+!.".:l......o.).....~.b.....d.0x#.x..j).R...._}.PK..........ER................img/..PK..........ER................lib/..PK.........}ER...>............manifest.json}S.j.0.}...>...RJ.(....}..[)r.w4.&..F...{..T.........../.@.#Zz4V(.....qKB.~.<..$.=.u-.?H$dm..g.e..G.[..Fh.OJ~U.

C:\Users\user\AppData\Local\Temp\scoped_dir3124_1569129693\CRX_INSTALL\img\wav\icon128.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5865
Entropy (8bit):	7.945742841403572
Encrypted:	false
SSDEEP:	96:D5rGvdGOzrjwbngqxpOSPODyH7e9LG4hyRdg9lsN5gmqKiNXG3Xcqa3zWImI9:Fr8zrEThqZu7Z44bg9lsNhMXGHTNImI9
MD5:	351C385252A04D37C1C86D532E9005D9
SHA1:	0F699D2BE7B25EDA646B26341DD47377616DCB0A
SHA-256:	90417B6AA55FD6C586224BF15CA4A069824BF7F862C5AF12CAB53EC719AB04D3
SHA-512:	9DEB825F08C945C8858525D22BF9CA22184CE790DC93E9E469D6A8A3D1E8F8895F3C354B241BEA933D8773D7EACF1D76346C79B481CCC30B3F375C9129610E22
Malicious:	false
Preview:	.PNG........IHDR..............>a.....IDATx..ip\.u...nt7v.....).h..I.fd.$.2E..e..DU.S..R....\|....T..Tf&....\I.&......(;6..RD..EI.. %R.D.$..[w.......M.h..<h.W..}...w.s...)S.L.2e.)S.L.2e......l..>...B.Ed.1&.......`-.....E...F.!.S........U.(..........<...3.<....,.k..E`.P...a ...n........(...3...W...UV.%.../.....\|.x.x\U....o.U....0"...o..O..<.Fgg.).3.KI.0S.?%"..c...?.Q.q.......F.'......R.......'U..._.../......u......S...^....h5Z.CC..C.....)$5.$..1d....!.....a$9..;.i.pUU.......y.\|.)...{....!...0_......4n.?.Mh....A8...w3}><.q.N".id.6..gX.`._....3.K...U.+U...'?\..^..\........S...\|....<S.i~..y..a#ZU.F.A....\$9.51.u...e.W..[.]1..RD.gwww.~..sGA.p...p8./U.w...;.4n.{ ..~'f......&.."S.X.>.....>.5..\|g............o\q)....9.".^U;.O......0..=x.. 4_......y.......b.q..F.?..kOO.G.....i{{.A...e?C#.x.}...o....Z..VA...;..4...5..dj...X.....v.....JV#y...9...od.3...>.$.o`.6.U...2.lt..B....G..g..WU7.....E.y.@{{.W...\|-3]......<.4.C.....p....Z..IOcM......

C:\Users\user\AppData\Local\Temp\scoped_dir3124_1569129693\CRX_INSTALL\img\wav\icon16.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	620
Entropy (8bit):	7.566661523611517
Encrypted:	false
SSDEEP:	12:6v/7FqrEJ2Hzk01nfg7IycEHM76NtErylxy5aB8uO7H:xgozk01fg7ISPB25as7H
MD5:	C32252548A5C27119622F93F8410EA6D
SHA1:	5AD1D34EE44CD0C5E89724DDF74A74283E6385B4
SHA-256:	4F8EF975939FF0D862115FA4195F5B0996724930552B2FEB3F35140FF3942BE9
SHA-512:	DB08DCC3A0E4760E033335A92A2443EE2457B716975D4729BA5F2D1058F9895339D26D12C0A5B9D1B3417CCFE6ED54051FE499BAD9636EC8FEF3615048177294
Malicious:	false
Preview:	.PNG........IHDR................a...3IDAT8....KTa....y..yuR.g.1......R.-...GZ4..?.].... ..2...Z....B.YS.e....x...i1..H.Y....8..;...Nh.o..@+....\.....pH.@6.....1...&......_..v~~......".`.B[A..x...s.B...(.......F[A.....{....Z...W+.J.`....D.T..z2.\|..6[:1@`....^.z3...5`l..Q."...K,....D....O.......v....A.u.....l.j...Fy..v..O....M.X...A@....V#M.}D..#....#(....#".....D.'.l$.P.[....oe....,VN..X.......J.... 5=.,.c.?..l.Ai........j....JU$X..Ty=..csS'...T#.h;......R...bYD...I..S..\|..d....<...#n..C\|..?......b...N\|ED..b.y.......L.H#.I.'.......7..Q...<...$+". .`..p...d2.0`.y..CP.J..=.....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir3124_1569129693\CRX_INSTALL\img\wav\icon16_disabled.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	554
Entropy (8bit):	7.47350147318501
Encrypted:	false
SSDEEP:	12:6v/7ZoZnlFxXtBxSqQfCcRJ8mRPzpjJuhBCGfD86rj/B4ulXzACz:SoZnn9tq/hRFjJuhBCk8up4w7
MD5:	8FF5336AA2BF36C0C65178E4EB6C2658
SHA1:	C225B8238E89B2BBEE37E9567D4E163E7748B76B
SHA-256:	97A8354B6A10E7C7BC8A93F3E69AF9AFC579FD43C9E5D30F6393D222F65B5264
SHA-512:	2424A903CAF8F9059A3F05147E3CFDCE2D71D36ECB7AC8686244A9A51F232A2CB8BD8E1C152E1E07D3DD3D042064A055C996B3F261351362D67B24A706770626
Malicious:	false
Preview:	.PNG........IHDR................a....IDAT8...1kSa...s..&QJ..m ...Phf.'AHA....`...XhCG.;.8H....N..;...)..x.....$..}.....^..S.R........_....OWWW.D.3.2.m..eK.G`%....W.T....YU.v..j.t.xQ.Vcc. ..}..y..y.."SSS......F.....t.]R.....$.I<.......c........Q@FD(.......].l4....H$p...t...X.l6k.b...13T....F.v..7...Q..E....T.3....d..b........j....8..CUerr....r..sss....uY.......f...p\. .T.H$8999s........L...... ..}DQ...Q.V....,..x....}...-... ...4.N.E.=.{.\W.w.....U~...K.....] %"...r........5...._......$".@.......<....HG...&.....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir3124_1569129693\CRX_INSTALL\img\wav\icon48.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2296
Entropy (8bit):	7.882785888335847
Encrypted:	false
SSDEEP:	48:KNaHBLVQvwICeiqfcWB8qaB8uvw1miaQnvyjILVPb5LEBha:KNa9moezkOHuvzayjIlS2
MD5:	CE5CC8BDF39D1D850A14331F7EAE6A8B
SHA1:	CDE3E661C7235E5E26A3AFF803AD2D5ECC8AECBF
SHA-256:	7A0DAAD03E1C129F03D61C5150159909062F91BC1EB72E93E0EB73205B49A0CE
SHA-512:	E13054A509E2F1CE01863676E8ED95E9AF3B98EA460AB265EF627B0C4B8A0B91299BF2ABC6CC57D152F8A269927373CAE7887D2CF640993BFFA838F27C8E7403
Malicious:	false
Preview:	.PNG........IHDR...0...0.....W.......IDATh..[l\g.......8..7N...7.;...M.mS.....J....P.D..<...!O...U.UU..R..fm...-H!Q...xws...%N\|...s...ub;..;q..u.#..3..~..?s.S.TnId1.{..i.k....S./.k.q."..(.`.Pl...8&..{...../..bp..v....8<%..-5.f..'j\.mX....x.0H.a.0.>.\<... A....:...l..'..w..D.........-.k...fl.......V$......a..}...(<N<..l6..'..w........d:...a.#..5..!..6.kAu.i..N..gt..p......!.U..../.......}.vJq.%.........v.U...H..9......E".....&....p7f.B...{(..../...l....{.o.%.._.o.6a.AP .....L.DA..~5v.:..=q3.m..{r..?.....}.../.Ml..=E.~...Qx...PE...]..m../$dbh.....).....`>..v.....a..... .n..cVQ..........UF.GO<..%..gO.~..~...nG........o...k9.Df................[..@.nS.....<.......UM.0.@...[.\(Zz....2.+.....w.>6UK..MT....w..Q.$.x.W...hu+j.r...y.0.(}E.g).e.@.P..K..[...:....>Q.F...`..R.T...........H...H9T.<e.S.-......l;..4. ...\F.t..gm.....@..Z.p7...Qud.p<R.=e,RDf...\|p.T.B.+$....x.S...l.:4^.X....9......K.:.q....3....t...$..!!$'...0.~.).r..h..Y........3.....".x.c.

C:\Users\user\AppData\Local\Temp\scoped_dir3124_1569129693\CRX_INSTALL\manifest.json Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	modified
Size (bytes):	1034
Entropy (8bit):	4.479609671107332
Encrypted:	false
SSDEEP:	24:bClQiui61Ji1dM+Gx458l8Z7UVZZm1MHQqLMOF3Wa2UQK:CTqedMf88l8ZYNTWaR
MD5:	37DD9F84D2552539445D2863FE9275F2
SHA1:	6C652240F4B22AE8EC16F88A43A89C06716E2ACF
SHA-256:	D909121B0F93A08B46313A7307E9AF994478C5341B7EEB1F3B274479C917C582
SHA-512:	2B46402EE45C068FAD596152261219D64DA1D12EBC16BC9911955554DC9E2877DD94B5901B2115CEC8FD9B6E39AB23AB4C51B74464F2C6373F7A7248003180D0
Malicious:	false
Preview:	{. "manifest_version": 2,. "name": "Enhanced Result Settings",. "short_name": "EnhancedResultSettings",. "description": "Advanced options and search preferences for your browser.",. "version": "1.0.1",. "icons": {. "16": "/img/wav/icon16.png",. "48": "/img/wav/icon48.png",. "128": "/img/wav/icon128.png". },. "permissions": [. "activeTab",. "webRequest",. "webRequestBlocking",. "http:///",. "https:///",. "storage",. "tabs",. "privacy",. "webNavigation",. "contextMenus",. "management",. "alarms",. "cookies",. "://.wavebrowser.co/". ],. "homepage_url": "https://www.wavebrowser.co/about/?ext=EnhancedResultSettings",. "browser_action": {. "default_title": "Result Settings",. "default_icon": "/img/wav/icon16_disabled.png",. "default_popup": "panel.html". },. "background": {. "persistent": true,.

C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\_locales\en\messages.json Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	85
Entropy (8bit):	3.9592441887442704
Encrypted:	false
SSDEEP:	3:3FHAT2bN5AWAUNVI6zQ6tOFxn:3FHA6bNee/TZE
MD5:	7D9F14F860DB48064CECB516A69BD101
SHA1:	C17EE6DC67DA5968EBCDB17860A3D8ED403C51A7
SHA-256:	655EA19AD5E1F33A8BCA63B590AE72021F2759F6968523358A79BD277F1B2AF2
SHA-512:	79FDD30A548E8AFCE778A22A12E48FF8030C95073812EF13073446152E89DDD7EBFAF46C37A922DFAFCF15E440B1C6CC0F66798AFAF9711DA0E47F15E3CF0CCE
Malicious:	false
Preview:	{.. "extName": {.. "description": "",.. "message": "Wave Menu".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\icons\icon128.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	9010
Entropy (8bit):	7.965702014886029
Encrypted:	false
SSDEEP:	192:AvMoQHRJkMfEDI2gHf81dTtbbCLKm+yP8MfTO:34SZFGhs2m+yPVfTO
MD5:	0705D5FA7DF40C6F49C74F86F021CC5E
SHA1:	7F80492816499ECFA3B36D1E9DEEDE0E1F9EC57B
SHA-256:	C785D37781AD00B301E0559DABB44D439F59A2A28E3CA82EEEB53029F327F241
SHA-512:	67DC4B4637CB3AD34A67D64EA5B72A5938615426956AEE8F442A55BDA903E326055D5B52A3863C18AC2AC1D03B05831419CBD6A1BC4A67E4239751108BA12C80
Malicious:	false
Preview:	.PNG........IHDR..............>a... .IDATx..}t[..?.,K.l9....$v..H...J........-.....;.......8.].l...t.9[..I{f'..mM..7.d[B.(8.&.C..'~.#..d.\..CW.z..%.)..8.}{....>.....+X..V....`.+X..>[..w.......P(. .B. ....$5..)....aP>oP..A.^?...1.Tu^j...`.}.u:.v`....!.?q.....E...c.y.....%@{{.U..v`.$I. T,..K.4#.B...N.....^....n(.(...<\|.........7..d.~..z...(...... !!aY-b.K@..Sb..=.S.E.....t.=9=..I.t.....r.RbY........4.s..@.V.."l.ET5H......?E!..$oK.1..pl;B..g..S.:...L..3.o...k........C.=..cY.@.....t.Y...m-a...n.7......>...BW.!._..s..=e.ZO.c'-Zni.xa9.aY......#..A..T.Xt4.c.C.......&....H.p.OXh.a...b......;.......\...c.t.g$I:..L. @{{{.(..I...:..U.mo.A..e.K.1..BH!t........P.}...:.@.Iu..40.Y..+!...-.....,...u'@[[..I.^H..5n...GWS..(.=..~.S)xe..l.qDH.x5...N%...+.E.C^...\:....8.}.a........(s.u#...........G...DH.$.?.?A.Q'/..{..../^..[.R....O..~....}.F...D...t.'..6...hkk{B....Z}...#.l..%.....O..._....^$,.5L.e._.t2...H.4.jJ. ...<g......$5..6x....cQ.6.,9......"......H=A\|..."

C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\icons\icon16.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	879
Entropy (8bit):	7.752116799680535
Encrypted:	false
SSDEEP:	24:Tz5bFBtWCnwvL3zW5BxCKZa//Uxs29KIXuv5KkP5:3Z7sCwD3zW5Bi/8xiZ5Ke
MD5:	180C223A4DC8D7D2C8252AE3EB8292ED
SHA1:	4FA308E4D5E64FDAEC6866EF6808EFC97A74A4C1
SHA-256:	6FD01082A48FA9165CB9CC52E5D77E26088EB0ACC2A8F14351CE0038351DCFC3
SHA-512:	4E40A514048D3B039F3089CBEBB465239A3CE22025EA4001998826C7E3503A295F3884D1E4EB9E25CC5EA39B9DCE7E6E6593F0DAC705E192FA5869E4A1D52E61
Malicious:	false
Preview:	.PNG........IHDR................a...6IDAT8.u.ML.u.......aY@v.....%........z..H...#.....^L.^.I...B..4.&Xj.xh-..4.E`.K...,K............{/..`..b1_ri.N..T.Ynn..<L'.$F..y...}y_..T..)H..Xu........}......p.....##b1.....#:.{WQ..,..n......Y.....l./^..R...42.3v&KQ......$g...Z.>.`...wN.):...7...}`"r..dx..H.2..T2.V.....fN..'t.....H..C..]....C_.........q .9..GIu.B..0./...b-..2u..0{-.p....J,.......7.........?.R.x.q.....2...B...m...$...:f..oU2.L}dj.kmh.....C....B..:...ZS..cxZ...0e.._M5).e.s.'..XK...hA..O4}..3....j.y"?.F.VQ.^..d.....[V..O.Q...../#.0MT+Eyp.5..y...D....K.../H.&<fp.oA.47..T.o[K!J. !K:.0.6a......,..q...Q....P...zW...C._.y...&Ud.,..!L.....rdK.$.I.X.m?...(..8x....o.Nb9\......d..!.IT.2^..]5.M.u...G...%....P..`.xz_........h.E.u..7..\|...kn..x.....8>..].a..3;.Q..B.f..........^.Q...[.NO.J,o6.$!....ZB-SB..A....dB..b.....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\icons\icon32.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2309
Entropy (8bit):	7.900452604128902
Encrypted:	false
SSDEEP:	48:bDDRltxrB5ImTGeGnMw85Oai5mvzYXcRaz5YbiFY1FI78H2R7wH:bLcsBZi5lXoI78WR7w
MD5:	5A393D83D1450F8E92D1225D4FCD8BCD
SHA1:	D9C4DA784402521A5775D320B16FF26652CF8D03
SHA-256:	742D41742143BD6E0F6B7A11EA85436270BF603FCA0A3ECD03C71392613DF641
SHA-512:	0A70FB8B4F50FC625F9A0C208468438B92791EE0D8D524B2D0A35093A6A8A8375D1A3A82149A6FEAD6FCF39F1D410F4CE2EFD2C4E98DFE3DADD67BB058CE8FB2
Malicious:	false
Preview:	.PNG........IHDR... ... .....szz.....IDATX..{.........}.../.,.,... [. F..m,..h.V.mb.b4...Fm....j...Q...)b.V.pq+/....]V.....;..?...R.M.IN2...o.../y./..RJ....}x..Sb.TB..7T.......b1..".u...M..\...z....h.f$..4.L..M.\..<^V4......o...p.g...../.]w._...."r.....-D8.K.......P..}...-.....Yt.....f..-...O..m...o.....\|4c.>...O.....62.D....x.(lWr\|K.M..3...?\|.....>..RJ....M{..n}`.#...k>.7..8........Z.'.u(.M2j^.#f.D.....A.?Y...n....d......\....522.l...r.....4s...1A7.R.d.a......M1b. col.....D........{.x..+c.X..,.l./~..=.'....W..C...M..........!..B..@...)..=[..<A.^\|\|.....L..~)>a..?.W...q./.]../...w.....Z.@Hf..5DV.`pg1v<@...P<3..-..+ny..o....T.].?...)."...o!..n...\|.."=..{..... .>..Qd.`J/.E.D...X3....v.U........L...*Y.j...M?.....M.f.).G.f.....cAJ.m..A..v........@..8.....=.~..K...q.y..M.....9..s....9.\....98Ee.P.....)B.....A....9..M.K...XI......}l.l.J.........-.....i.....D...5.$UZC..1.j...$.].)56SXp..2M...dY...(.J"....F....?1I.j....T....ZZZ..]...p'..I(t

C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\icons\icon48.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2806
Entropy (8bit):	7.9128464830550564
Encrypted:	false
SSDEEP:	48:8Q6fJoolMB2uwJwNGLaDDqWIFBDWgN5I5tpX0RCA/hyyT4oUkcvU6FlUiKs9p8H4:8Q6fZXuwJwsLaDtUy5v50RxJHDUdjFlN
MD5:	545EB09CDFE6378416EF2F4D89685C8E
SHA1:	43BE94859B0FEBE18514F4F4011E46D777176CCE
SHA-256:	E8EF5564A7D7BABCA085A900EDD9142EC3414CBAC6110B35B5B4C7487E9494A2
SHA-512:	1A745DEA42D66095EE86EA881936D6E46CA4C0B56F80472E5FE2CA7A75ABBC2041A5B791D92F2ED336FD51F38AC5BF0BE94CA54A7A7690D152BFA10915A5D0A2
Malicious:	false
Preview:	.PNG........IHDR...0...0.....W.......IDATh..ml[.....^...N..u.B.M.ki.B...............6...!..BZ%`.6.>L......6B.2..).FK.$k.4}K.ij'N.....>..v.ni./<....s}....y.s..o..p..z........N..RA.Z......EqJ...&.....k.z....x..RM.:.N`ezY.....@'....e5..l.$i...sM..^o..i...e...[.ih3Q...l2...!...J......C....F......U..I..........c...[.Ap.]_..Me.=1...%D.0..A%...........a.a`0._..N'...`.FP..W........7nl.$i;.......x(....SD.%.,1...9..AEACACM.......8...r..&.K..4M..gO.u........tt>.J.Z.a&..S.L3....A...J.......J.d.=a..H6.C.,O..N7.o..A..k.._[..M.:..z<.6?..>F.IB........1tP..>.P..`.........Q......).xl...Y@{{.:A.z.<n.{.~.[....;v.._...H..\|...",.2.cyv...f.lm!t...0.[.'...q...Q../iX...B.JQ..x..o.rp..5......?y......a3.[W3{.(.....bB..bI....[.O.....Y..q...W........[........c.!..../0.k.D....dGG.6..}..o.3x../?.)S..u.O.2Y...n.k........Q.<..o....Y.....JY=..z.u]....L..j....>.)....\|L.....5,..Z.....;......[.E...m.......c2<....\|...E.\|i...l\|....IL.#1../......7.o.....o.....5....rU.rU.jIE^..9.d\|_u.

C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\icons\icon64.png Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3894
Entropy (8bit):	7.930213144963869
Encrypted:	false
SSDEEP:	96:K1W6eFbN6TYPivLwKQX3F604bnj8qNlozRXvpizQjSf2m74:K17er6gQGX1p+j8qNlO1vpkmVd
MD5:	3A3B02588C8C61AC5E8AD7A4B66CF1F9
SHA1:	E8534156446CA443A3E69F04CA70B342DFB75569
SHA-256:	8BC1C19398DD18DD82473EDD30F5C92EB39EE426FBD40D1FD7665D43A0FF7FBD
SHA-512:	488812C70D2533B2DE76913A6A7BB628CD57CF7BBDAC8FD7FC50CB054105F69D55A8976AFA2F731177D84527A144E1658E32984DC12D5111C321373BC723C2E1
Malicious:	false
Preview:	.PNG........IHDR...@...@......iq.....IDATx..{l[.}.?..%.!R"%..%[.-KV..Q..K...fM-.Y;..Z$m.n.,..........G.$@..C...'-.h...H#g.XI.H...d.._..')...?H.x..-....}%...s..{~....s...9>....M...[..MJ."... ..&...?......B.q)...#G..m.!..\.ZEQ\.KJ.;Ct.H.....j{{{{.W..+,...jQ...M.b.awV`sj.9%Z.B.8..8.....I$..d.a..{BG<.Y.;-F.V.=...;.Rm^..2..3.V9.l.6...}C..a.b$......(.I...@..D!I2.9...\|.........[..RB\.....;.L&.....n.;{.:%..H.%F.8...#A.D..I.(.....$..3.m.....Eh4.....>.....{...j.....m...mD..#....%."N..H..B...E.I.$Q.T.i...D.\|.....p.Z..pM.)CZ..u..pM.........!,.c%...V6.f".....!@.0q"....G.v'.{%..L.L.......u..9.%..U..!2..g...Amf\|x..............@..<....!.C>J....._.ry8.GS...j.!j.,..3....j.K....?.`...x.....gY.d...g3..t.b.0~".O.......A....... ..]...J...A......K..dN/K....&.W..EW.=M.GD,.~.$....~o...B.=....wO.)%..w0z.#s.l.......q.......{.!....9.=.........u5(..f........GW.I;....$.g........\...C...gJ._R....L&..!.....~...sD.0p.<..p3s)~.LK ..3.;.:k..s!}.j....@uZ.).W6l.ptlll.X.%G'EQz

C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\CRX_INSTALL\manifest.json Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	modified
Size (bytes):	997
Entropy (8bit):	4.747318607735656
Encrypted:	false
SSDEEP:	12:ul0DYkYnBC+ZSS5qDxIx9dlUF1/iQegZx/GWGS2ibULdf4+d7Ixb4JV18m/GQilX:ulIZUC+35A5o6/GW8Hi+SxbO1V/GM6
MD5:	02F82DBF79C5CDD6128C671E63DB3B4F
SHA1:	2C259C4E26872561BB32484CEDD22DD846A78A46
SHA-256:	69D57AACA2BE4BAA5B1D84CDDF1A27D14CCECBA3CDFAE15B9E4E04FD36DFAF8E
SHA-512:	2B378B522064FC88106CFFE1381299FB9E3FA362635E61433A112347E048534911B6F26DED4A30DF4CC218724AC06272A15A303D83C95BE7C81F1CF03181ED5D
Malicious:	false
Preview:	{. "manifest_version": 2,. "name": "__MSG_extName__",. "homepage_url": "https://www.wavebrowser.co/about/?ext=WaveMenu",. "description": "Provides various features that can be accessed in the sidebar of your browser Homepage",. "default_locale": "en",. "permissions": [. "activeTab",. "<all_urls>",. ":///",. "storage",. "cookies",. "alarms",. "webNavigation". ],. "icons": {. "16": "icons/icon16.png",. "32": "icons/icon32.png",. "48": "icons/icon48.png",. "64": "icons/icon64.png",. "128": "icons/icon128.png". },. "background": {. "scripts": [. "js/background.js". ],. "persistent": false. },. "web_accessible_resources": [. "inline-notification.html". ],. "externally_connectable": {. "ids": [. "". ],. "matches": [. "://localhost/",. "://.mywavehome.net/",. "://.wavebrowser.net/". ]. },. "version": "1.0.1",. "content_security_policy": "script-src 'self' ; object-src 'self'".}

C:\Users\user\AppData\Local\Temp\scoped_dir3124_521863187\WaveMenu_v1.0.1-rc.1.crx Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	157436
Entropy (8bit):	7.992165218671506
Encrypted:	true
SSDEEP:	3072:3d3Y6OKc3NwyVe9RII1r32UzGL/W8I1ddHeIIQDz2pFtQFitGn1C4YVA0:3d3Y6tc9wue77E/W8IFb2pFqisk4YVA0
MD5:	783A84A9A47F1C4C08E15557CE5D2268
SHA1:	86E2F19489ABDC79E42A9D607ED399F1F4126AF8
SHA-256:	077F5D549621A951C25716D3E967CF8F77186CD308A3A1D171A7C314B9E24DFA
SHA-512:	D4F03A9AA01ACB53DF87199DD4A0F397AB4892E499EB6B461F999B6CBB007AC27ED39AB0698E51EF7A88BB1A2975C3FFCE1C409EA880CA055488668046D26C42
Malicious:	false
Preview:	Cr24....E.........0.."0....H.............0..........u..m....j..O.@.Z.S........N..H.1....Ut@...?.Km.O.+.yb4...~e....../P..._..>.....t.P..u."]...l.h.?.o\|.$......h.4".wY.Q..[&..J......4J...q......1..-.x/W.........`L......)....{.#~."..l}.#..I...."...#.."...s...i..u..36....=;.....N5o..,.@W...9TA[&g.........$...15.lRm.....>...,...q..[Dyy'.sZ.e..,......j.Xny?9Ul.&V.A.. =.f...:N..H7.Z...T..#sz...2.7Ju9.`.......c.$..A.{..+.tV..a..tK..zQ..G.ax.e...w.....i.8.b..#?....0.....Z.N..wp.j[V.,1)f-....Z......d...[W..2c.qJ..}....I0..\|y.I..a.a^..4.N...(.7.H...f......,Co.d...`~..0h.PK..........ER................_locales/..PK..........ER................css/..PK..........ER................icons/..PK..........ER..c.............inline-notification.html.TMo.0..+......#-l.C..v.}`.Q.h..,y.. .~..lY.....L....?{.......Rg.\|<..)$8.>hS....U.C...d.w..O....B~O..I.}.k..)...C...`...........h.-..XA29..P.$V.B1c..n)..B"..h..T..F?...B....X...r....#m,....,c;.R......{.i.;U......M../

C:\Users\user\AppData\Local\Temp\scoped_dir6492_275879651\3b1a7031-8f36-4d8e-b31b-2d2aca6b8abc.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	118784
Entropy (8bit):	0.45897271081743474
Encrypted:	false
SSDEEP:	96:/8WU+bDoYysX0uhnydVjN9DLjGQLBE3u:El+bDo3irhnydVj3XBBE3u
MD5:	48A0503A55113CE8C8D7A1481A465D49
SHA1:	6212FF680FA492983973EEF5341BDD2AC5B28417
SHA-256:	E79639510991FEBA97C39F0388B53420765D307C46C43B0BD0C014FD36EF8092
SHA-512:	96A2FC52E2325A29F4B38A080DA817DA741A38BB8DBFD2A85349608251197D3D715A75639FB587216C5BAF8034A93F33E11DA7E35C70347BF584DAC94EF889CF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\scoped_dir6492_275879651\5d650d06-3ce5-46ef-bcbf-0eb61596a521.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\scoped_dir6492_275879651\a7ba59f4-dcef-4661-9955-0c7422f3ca7e.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	0.5802899950670313
Encrypted:	false
SSDEEP:	24:LLjtVxh0GY/l1rWR1PmCx9fZjsBX+T6UwcE85fBQuqWFl1CKCC:9Bmw6fU1zBv1f
MD5:	F4154F2378F655B9C9E893FAA31F4783
SHA1:	7AF26F968054425E168299E2C821FC1566FE4C3F
SHA-256:	3AA9139B96F8C671A201001E01D29D1B8BC73C2089172228FA1EBB1756F73A26
SHA-512:	E90B9589B50F93B200319F341B876DB492C25DD02A4D132AA9BDF07A9FA64192800A21CFF1B69B57336DA96E56F5CF83F707FD4673B4AB9EF63BEB6F563BD129
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

C:\Users\user\AppData\Local\Temp\scoped_dir6492_275879651\a93e3899-9c19-4598-862e-9b004eaad0f7.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.38078734622885646
Encrypted:	false
SSDEEP:	12:TL1Huyq1YA5yEHFxOUwa5qguyZ75fOSFccog2PccogL:TLluym8I6Uwcc25fBf2hL
MD5:	9D91871BC64C85ED76A568AA7415D462
SHA1:	B58228EF7A823F9FD7FCC0EEB8388CE902437064
SHA-256:	59B0FB345590517ABAA2358F5FE8A6F0A108A87B3DB229767FA68558E4B5A4CB
SHA-512:	4A2B1253ACF9DB72AE64BEEB0387EFC07DF78EE6DECD3FB9E6C5F3199768CD10061AD80AA0F531183B52D8AD898C869ADCCB15254565AC237CF8D4E8CC48ADEC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\scoped_dir6492_275879651\f935cedb-6679-4f16-af2a-243de7efd476.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.7006690334145785
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ
MD5:	A7FE10DA330AD03BF22DC9AC76BBB3E4
SHA1:	1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
SHA-256:	8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
SHA-512:	1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\wavebrowser_installer.log Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	154
Entropy (8bit):	5.280917079950501
Encrypted:	false
SSDEEP:	3:qQVI5XVLyAH7R25PI/ABFRemLrKFELwOt+kiEaKC5SufyM1K/RFofD6OnZNLOvn:qQ65XVLyH51prKSLPwknaZ5SuH1MUmO8
MD5:	0291F1891F8AEF138616B9AAEEEA7E52
SHA1:	B8D75F06F257C3427BFD0B9A5122BDF66D107531
SHA-256:	A9ACC5BA72D34F0EC0509C5E27B2AFBEF8035270C779AA9ADCC9A72ED1F949BA
SHA-512:	4F0EB1DB21D39E3DDF354256022D1AC49BBE900A51729A1EC3F94307C35BD7C1ADCA6FDBCDF9B295A38EF89D8A422E659FD1B03871DA95E121AB290D59A7D96D
Malicious:	false
Preview:	[0508/062047.294:ERROR:shell_util.cc(1952)] Failed to pin to taskbar C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveBrowser.lnk.

C:\Users\user\AppData\Local\WaveBrowser\User Data\0fdc8312-f6f2-4f47-b669-3a2aea121464.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7761
Entropy (8bit):	5.383644215053467
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqQ3dkdhTeZqs4H83qKHQ0UaUe4WD:1SYAusihLFbbmpPzUjmhTe6q0i
MD5:	FF66D7DB107A512AB56564DCE52285C0
SHA1:	6A2F9A7D478D55276F9EF3306BFF78A6DF7C4E77
SHA-256:	64E16C0DC103649808FC233B907D8D860A62DAF8854BCEFC5D9DFDAEB3102D78
SHA-512:	9BAEDB2CB7DEBB4ED82562CA81D7FB663BFD22E8C94E14373844C2A79578E72CDE41BF471A17570ABFE8ED6B9D4AF9576971A5995DD924101CC40B8C53909473
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\12b2a45f-6889-479f-ad1a-f7b2e782ab23.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	105448
Entropy (8bit):	3.7426339460315483
Encrypted:	false
SSDEEP:	384:Pq166EXR8HkMUVvB+dNyrHvmu31+8hHsVGxpwr7Hz6Bx1AYYoDrbamHzRxLYSe+T:3qmRBit21ge/gWMz/EGeKEeuwS
MD5:	FAA603FD2DF25F8017AC5C0E00450811
SHA1:	0F06AE3720D7F94226F50FA269D2405163CB5241
SHA-256:	55954E219D0C6F238677ED8332F0C8A5BF6FC287BABB899DCA9133133420907F
SHA-512:	28908C9C285A8AF599A63E52CFB207948E0A08AD6814FB47ECC965FB717B3E83DA4A6BD63FDB81821C05239EABAFFBB090EF02C846A4C783DF193BCFEDAA3B23
Malicious:	false
Preview:	..................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...\98.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\WaveBrowser\User Data\180fe2bd-f35a-4bdf-916e-33517918d27d.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8277
Entropy (8bit):	5.393236572838102
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkThhZel9Bs4HkN4cQQ0UaP:1SYAusihLFbbmpPzUW01chje9EVe
MD5:	4E17DD6802185FEBF1B41DE007164AD2
SHA1:	A8D0EEA59A001160BD6B870D60C74167E916C791
SHA-256:	01E6EAB7B98F8F09E2F9E144F1B060066DC575EA8283D191C6B2F1B828328BF8
SHA-512:	BAAAA002BF96CBCF144EBC29BAD60D738ECD5BCEC5CD53D13D7285E70B508400926EAF909D42335D7A82BFC5D4954BC94498F9B1DC9F317852BD1C62BF72EA39
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\1fbff1af-2fc7-4f15-8f2d-e554196531c8.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8194
Entropy (8bit):	5.391721096285378
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkThTel9Bs4HkN4cQQ0UaUK:1SYAusihLFbbmpPzUW01chTe9EVe
MD5:	FD020FE8099C0425809194F13E36B583
SHA1:	45583670DB8F3D3D5FC468D1297EE1C479C31066
SHA-256:	A4D6FDC89B90500DDA2CAF242CE785B07400A3F5AF9C9E32E164E50154FFDCA2
SHA-512:	6A8C1B443C79CF5C584A51697388320DCAD17D0079C356C68E2F8E1151CC6210DC2C4D810DDC88EDA3E8771B7FBF7145405139D5CB005997560AFA19B008B92D
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\42590a8c-8a4a-49f3-aec5-f60f8b2e2f0e.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8373
Entropy (8bit):	5.394295995044373
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkMhhZel9BANXhZHkN4cQQc:1SYAusihLFbbmpPzUW01jhjeqEVs
MD5:	BA47CB227135714B985FB84F743647B3
SHA1:	EEE813F953A6240D36B0F04976D54AE894D12B30
SHA-256:	469453808037DE2D82B3E7FF9A47AE1B15AD98EDD288A9CC98EF2BBD4014EE8F
SHA-512:	7B6A2BABC3F33F2763D2E5DF39CA8A037A8185272990904EAF9489803752DEAF20AAAB7136DA7B19A26084C703F1E24D7D42924C80F2DD5574F024156CF85828
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\445b7786-5fba-4277-b3b5-0d0a157a2345.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8375
Entropy (8bit):	5.394160639804113
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkqhhZel9BANXhZHkN4cQQN:1SYAusihLFbbmpPzUW01nhjeqEVd
MD5:	ABD04FAA127501343DCA03D4526E0A31
SHA1:	5E7596DDBC246EB86DEF89B64FD961F8E0982D33
SHA-256:	44EF8E0D90F1274FC6D1F0376ABFD827E7EC071DC6DB484144EF5A26622C70A7
SHA-512:	E24EEF9CC23588B8AAE2B36BE32DA462F4B75FA2E5C26A1D902547C615EFCEC0553313F3D719B4AA8CB1E42575CA9390343F8AEB43865289BDAA78EEB1D16648
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\55eec702-3fca-4699-a985-0939aba88ba1.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	8551
Entropy (8bit):	5.395233359623576
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkqhhZel9BANXhZHk0h4cQ+:1SYAusihLFbbmpPzUW01nhjeqXNd
MD5:	98077BFCA77BABF0E7290882B966F069
SHA1:	38A90B205F949D2969560DD60B8AD5E7053E40DA
SHA-256:	713298FFBDA20AF264ECE43DF5EB80404DE0F73A95667C00FE65057340E3777F
SHA-512:	9693C279587C6AD7B17DD5E9906D2953B3B7C77AFBA2233EC806247959E5F8224A466D0D884ED552AC8B455D211D0F39AF594F6038533F1EB4CC598AC6F605F3
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\57fd1260-08e1-4458-a5fb-7ac0fe6488bd.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7951
Entropy (8bit):	5.3898395722710735
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkWhTel9Bs4HkZqKHQ0UaUY:1SYAusihLFbbmpPzUW01thTe980k
MD5:	307C5909BBEBC20519180B6AD6205E5A
SHA1:	B66FFF679CC101018C37B0361B091950235990F6
SHA-256:	F7FE1BD2D7566308A1A7B248539D1D343EEB6D57EDA8BB7FFEDF5587544EB930
SHA-512:	50D9B592BCF4341FD434317E4220ADACB676AB5C4D2725C5590A83FBDAD83A4CB773121F7F1975B4E703E29C7E315B261A2D4DF6771D0303627E4973FCDF6FAF
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\5bd2a84b-bcd3-4534-ab1f-94a0f5a3bb49.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8468
Entropy (8bit):	5.39527213359109
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkqhhZel9BANXhZHk0h4cQc:1SYAusihLFbbmpPzUW01nhjeqXVd
MD5:	0A1CA9605D3F87B14742B7F5630C9ED7
SHA1:	AA3D35C0955AC19BE1A6833262F41C6B69080EBF
SHA-256:	6723E32F266197AC267D74CAA6FAC218FBB1FF05F807B89780F23F0C6AA5393E
SHA-512:	3A4D8098BB90AD474192BB41A3A5D6C350B8D6EF10CAA9DB7999EA9B40BDCCEF43679EF907F92F47C8D497E8130D30D9587EAB8E7BB38E03056AB3C4693EED7C
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\5cc1195b-1310-4d63-8aea-0a8c51c94614.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8108
Entropy (8bit):	5.389804751063264
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkWhTel9Bs4HkZqcQQ0UaUY:1SYAusihLFbbmpPzUW01thTe9qVk
MD5:	628257C5D04FFCAE6CB9B9F7024A50A7
SHA1:	5BDF6F5443227B445161AB6E08EFBEB8303F15D5
SHA-256:	249AB75F6D84B10BB6C19177F3B0F204B7A54B633D7F8425F5C6BB559C200531
SHA-512:	181C8B11A314B88BC9045A92CEEFA62CE57CC0DCBAB5AA16E40045870457984CC63035E36B84030A51540BCA60B662F70B876D6432F828CE5F3D9F543C3012DE
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\692920f8-033d-42d3-aaf5-f0444fda79e9.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7401
Entropy (8bit):	5.369692711320091
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqQ3dkQhTeZqs4pl3qitUaUe4Mwa:1SYAusihLFbbmpPzUjnhTeQL20
MD5:	52BEC4EFA1935B4AC3F110D110CAA10A
SHA1:	E053EAF61D46870E0D982A179C1EC638B49B38EC
SHA-256:	ED1EFB298B6F0329908A0355B97D30E9DF0A2A0CF9914AA7EEB5199FB9813A35
SHA-512:	9BAE2F651C6A1BC0C7EDDEFE500ACA302DECF938086A29EA4C0680514BC84B3541ECE601A1AB8BE3776737D7DF2DB619A0FCD26E7E8588C6B5FB4AAD1A84C5E8
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\7214c476-3137-4520-a11f-6b95adf2c78f.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7951
Entropy (8bit):	5.3898395722710735
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkWhTel9Bs4HkZqKHQ0UaUY:1SYAusihLFbbmpPzUW01thTe980k
MD5:	307C5909BBEBC20519180B6AD6205E5A
SHA1:	B66FFF679CC101018C37B0361B091950235990F6
SHA-256:	F7FE1BD2D7566308A1A7B248539D1D343EEB6D57EDA8BB7FFEDF5587544EB930
SHA-512:	50D9B592BCF4341FD434317E4220ADACB676AB5C4D2725C5590A83FBDAD83A4CB773121F7F1975B4E703E29C7E315B261A2D4DF6771D0303627E4973FCDF6FAF
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\772904d7-8b75-43ee-abeb-115a6bf9f37d.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7401
Entropy (8bit):	5.369692711320091
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqQ3dkQhTeZqs4pl3qitUaUe4Mwa:1SYAusihLFbbmpPzUjnhTeQL20
MD5:	52BEC4EFA1935B4AC3F110D110CAA10A
SHA1:	E053EAF61D46870E0D982A179C1EC638B49B38EC
SHA-256:	ED1EFB298B6F0329908A0355B97D30E9DF0A2A0CF9914AA7EEB5199FB9813A35
SHA-512:	9BAE2F651C6A1BC0C7EDDEFE500ACA302DECF938086A29EA4C0680514BC84B3541ECE601A1AB8BE3776737D7DF2DB619A0FCD26E7E8588C6B5FB4AAD1A84C5E8
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\7f34927d-ce27-4d51-b2e3-f7310f1888de.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8108
Entropy (8bit):	5.389804751063264
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkWhTel9Bs4HkZqcQQ0UaUY:1SYAusihLFbbmpPzUW01thTe9qVk
MD5:	628257C5D04FFCAE6CB9B9F7024A50A7
SHA1:	5BDF6F5443227B445161AB6E08EFBEB8303F15D5
SHA-256:	249AB75F6D84B10BB6C19177F3B0F204B7A54B633D7F8425F5C6BB559C200531
SHA-512:	181C8B11A314B88BC9045A92CEEFA62CE57CC0DCBAB5AA16E40045870457984CC63035E36B84030A51540BCA60B662F70B876D6432F828CE5F3D9F543C3012DE
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\82f0b127-5cd7-4283-a019-2dd0159025d3.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3696
Entropy (8bit):	5.337271700171138
Encrypted:	false
SSDEEP:	96:i8YSuhJ6HOnfUPAbO1lkzotohpKqQ3dk8+aUe4B4wa:8SYAusWzUj81U
MD5:	F802BB530E03ECAC1BE85C171C704A03
SHA1:	6D858728CF0659E55CDFF6A820F9DD1BEF932D60
SHA-256:	0F71963EFFFB818AAAAABD0AE6B481AE24D63199265FB6A028217432518628B9
SHA-512:	242B4BF5D2CA4145472751D448273D1A2092E439CD40E9852797185FFAAA0EF0C186994B63E166F19DD945686EE9584D91238C2DC8A454A7E62A64D332E17410
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":""},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"G

C:\Users\user\AppData\Local\WaveBrowser\User Data\906340e2-71a5-4532-ad4a-5986c6c3ec1e.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8194
Entropy (8bit):	5.391721096285378
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkThTel9Bs4HkN4cQQ0UaUK:1SYAusihLFbbmpPzUW01chTe9EVe
MD5:	FD020FE8099C0425809194F13E36B583
SHA1:	45583670DB8F3D3D5FC468D1297EE1C479C31066
SHA-256:	A4D6FDC89B90500DDA2CAF242CE785B07400A3F5AF9C9E32E164E50154FFDCA2
SHA-512:	6A8C1B443C79CF5C584A51697388320DCAD17D0079C356C68E2F8E1151CC6210DC2C4D810DDC88EDA3E8771B7FBF7145405139D5CB005997560AFA19B008B92D
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\92875a3a-78b4-4782-b98e-ab1c9d8ffee1.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7865
Entropy (8bit):	5.388248196074422
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkdhTel9Bs4H83qKHQ0UaUW:1SYAusihLFbbmpPzUW01mhTe9q0i
MD5:	7BEA67C2C9DC2E52FE2B92E86EB91ACA
SHA1:	9E34234AA51427827BC76D9E3289E87AB2E6ACF9
SHA-256:	744C569293A262B08EC2AC3509D931A0F7364C6CD853632377CB6AE261E718AD
SHA-512:	D55548CB82DDE9124904A4C00476E7A0A58BB258415D9F076F13E8973899BB50E852564FEEC09E032F44677CECF634EF4E9CB87405010371A75C553696D0C144
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad\settings.dat Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.3041625260016576
Encrypted:	false
SSDEEP:	3:FkXFod94mstFod94mstFod99:+FodVkFodVkFod3
MD5:	09BB61B804F19613010DA5F947710D5B
SHA1:	27E9CEBBD40915E349061A96631737E10BC6770A
SHA-256:	379A6997F89D319762A6EAF024E8569A3A4809E4798165F0872D7D32B699E527
SHA-512:	0977910A7FCF8219B80B0E22FE18F9E55B575052E89AC284F33C9AEC595D2881974BBE705991602CF3549DD86A9DE073F0A43D1BE6695699EB1510C073CC8E6B
Malicious:	false
Preview:	sdPC.........................].M....y../sdPC.........................].M....y../sdPC.........................].M....y../

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\115da2a9-e010-4ce7-9aac-8b22b28f1fdd.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9834
Entropy (8bit):	5.598073725121816
Encrypted:	false
SSDEEP:	192:yVF9MSe2N4QKSrxhwl5O4Ck6pFIOAn3go0iuv:yVDMSLlx+l5OA6pFIOIjuv
MD5:	B8B11EAF1DCDD5CC8411EC0E3F5091EA
SHA1:	14BAAF1762CB3341D6F41B53D41CD96EADC2E546
SHA-256:	90ED3EA3CD75E3C3FEDA7F8A02D22526F44ACFF4C15BB2A245336FC5AA123019
SHA-512:	FF2A04D02E82C4DC970A2FD97B1FA26091D7B5903C1CDB0B1298CD4E408F1C758F5CB8EFEAD0AFDF1755EB45BB0335BFCF1EC8500ED59B5605EA754C129121F7
Malicious:	false
Preview:	{"browser":{"show_home_button":true},"default_search_provider_data":{"template_url_data":{"alternate_urls":[],"contextual_search_url":"","created_by_policy":false,"created_from_play_api":false,"date_created":"13264921254314996","doodle_url":"","favicon_url":"http://www.yahoo.com/favicon.ico","id":"3","image_url":"","image_url_post_params":"","input_encodings":["UTF-8"],"keyword":"wavebrowser search","last_modified":"13264921254314996","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","prepopulate_id":26,"safe_for_autoreplace":true,"search_url_post_params":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_url_post_params":"","synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e","url":"https://search.yahoo.com/search?p={searchTerms}","usage_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\198900b3-ced9-4628-a099-207fc07e5e32.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	872
Entropy (8bit):	5.55685863428855
Encrypted:	false
SSDEEP:	24:Ya6H0UaqSRUhL8lKkG1KUXpG3kU8H7wUiQ:Ya6UUaqSRUClKDKUXp9UuwUP
MD5:	05C6ED954085C9C44D444AADB1983A77
SHA1:	2471B7D23F00BF1C735916932A10A68EA365C00A
SHA-256:	FE12DAA1C3585A7256D97CEBDAD1934107481FAE756A271313454C32AB6EA7D6
SHA-512:	DFA0BC0F5C430ABEAA78FA721FF9BA28511555158BD429B76B4B4A0733212F03E556E1306B88D894CCE4CFB49381E6D6617CBE2CF292F564B6ADBA3E29DC59EA
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1651983702.544384,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447702.544391},{"expiry":1631334077.909012,"host":"g4wpCezBK3v/g9MqbDyLhx+g7L+c6QLT0ty6exvYBEQ=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447677.909019},{"expiry":1651983668.46364,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620447668.463645},{"expiry":1651983668.439208,"host":"qaDeFdT1UTirY0OQe+c5LKw+zjx6vF/+3vFh7CgrAOY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447668.439212},{"expiry":1651983659.720719,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620447659.720728}],"version":2}

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\30177348-0022-43f6-8f9c-d5ed4f429588.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	871
Entropy (8bit):	5.55367785540807
Encrypted:	false
SSDEEP:	24:YI6H0Ub4lSRUhL8lKkG1KUXpG3kU8H7wUiQ:YI6UUb4lSRUClKDKUXp9UuwUP
MD5:	5909D5DE5A10931E4BF0E17011C630BD
SHA1:	EF29823294DDBBF73E0AA0641FF9FE6BDE4A4F37
SHA-256:	3CC2E864C42683EAE30B04ADBC966A5FEAFDF37C488C247E23954EF1FA389495
SHA-512:	59AAE06D6B64B5F3966A2F3AAE82117C7867F8C1A283C1F9CFEC34D8229A679DC3DE841C500FC1D9717DA2446568C0FEF292C8A2DCFEB285FF04C73C3068A985
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1651983787.68601,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447787.686015},{"expiry":1631334077.909012,"host":"g4wpCezBK3v/g9MqbDyLhx+g7L+c6QLT0ty6exvYBEQ=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447677.909019},{"expiry":1651983668.46364,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620447668.463645},{"expiry":1651983668.439208,"host":"qaDeFdT1UTirY0OQe+c5LKw+zjx6vF/+3vFh7CgrAOY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447668.439212},{"expiry":1651983659.720719,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620447659.720728}],"version":2}

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\5a908f40-7d9e-4b56-ba93-e46f477349d0.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6682
Entropy (8bit):	5.369117784739652
Encrypted:	false
SSDEEP:	96:n05VdPrmXmABuhJ6HOHXwR0MoiVmdydffhVSjpsA5IOrMn3YPo0MG6+ykVuAiz:n05TPr74YAuH80MX6pFIOAn3go0iv
MD5:	C751602EAA0F3CC0D165ED274EDA5DE1
SHA1:	9D5A2976432CEB9FAD5EB3F14732E5E7792E7333
SHA-256:	D32FC7E48BA30169EB4FAEDCD80911B8BF18E69D3094911F891DA2D48963F79C
SHA-512:	9E24EBA6E165BC0F1C4B41D789B53788E214FF9757FBC18884F1C7C9789E74F352A8766DEFCEE20146C623F9A90B71219AF3F4CBF2E4DEA20BDD623FE78B40F4
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13264921254888192","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13264921254553502","autofill":{"last_version_validated":1,"orphan_rows_removed":true},"browser":{"default_browser_setting_enabled":true,"show_home_button":true},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"default_search_provider_data":{"template_url_data":{"created_by_policy":false,"favicon_url":"http://www.yahoo.com/favicon.ico","id":"26","input_encodings":["UTF-8"],"keyword":"WaveBrowser search","prepopulate_id":26,"safe_for_autoreplace":true,"search_terms_replacement_key":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_url_post_params":"","url":"https://api

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\60160a31-08d9-4abb-a1b9-73bcf7a77f24.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6873
Entropy (8bit):	5.364268862935341
Encrypted:	false
SSDEEP:	96:ncmU5D18VpuhJ6HOHcwR0MoiVmd2dffhVSjpsA5IOrMn3YPo0MG6+ykVTAiDw8:ncmc18rYAuHv0MT6pFIOAn3go0iy
MD5:	BCC0ED75DDB18426FC42AC4D5E82B6B0
SHA1:	4C122CCB168F58B16A83CAE7BD4CD44F311321D8
SHA-256:	FD35A8A0743167D9DFE741029FA3DD874E8EA5A3A336DE128D726E763A4423B9
SHA-512:	824C7D96D898C4A1EAF478EC3EEF8D3486EBF9CE4953320C0F26071C4C4071B553567A64BB03B1F8963C8B58D138C5EE3C4FE1F1A8E0E5ADE8576A7C49E7F442
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13264921254888192","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13264921254553502","autocomplete":{"retention_policy_last_version":1},"autofill":{"last_version_validated":1,"orphan_rows_removed":true},"blocked_cws_extension_count":0,"bookmark_bar":{"show_on_all_tabs":false},"browser":{"default_browser_setting_enabled":true,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chr

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\667567ac-046d-407d-b46d-a06a2d757706.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	872
Entropy (8bit):	5.5536842952462555
Encrypted:	false
SSDEEP:	24:YB86H0UahSRUhL8lKkG1KUXpG3kU8H7wUiQ:Yq6UUahSRUClKDKUXp9UuwUP
MD5:	CF7A37A4993F201E3A654EA81D082E61
SHA1:	6993D71F523EE2717EFB17D5009654BE3389E1C7
SHA-256:	4BF006954DC726A0045A027906D671C77DC6CF4F9E9995163B83A6B0345E56E1
SHA-512:	605A381543DB0FE38E8C696C7F87BF8C300106712B1F81AC634474605EA2D6483095EED4AC9B12DC6D0DA71A874BB1D08D596CA8346AA4CB4B3D29578DDF2CDD
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1651983717.031778,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447717.031784},{"expiry":1631334077.909012,"host":"g4wpCezBK3v/g9MqbDyLhx+g7L+c6QLT0ty6exvYBEQ=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447677.909019},{"expiry":1651983668.46364,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620447668.463645},{"expiry":1651983668.439208,"host":"qaDeFdT1UTirY0OQe+c5LKw+zjx6vF/+3vFh7CgrAOY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447668.439212},{"expiry":1651983659.720719,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620447659.720728}],"version":2}

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\70f0dbf8-051a-452d-9c36-56d3e5a032d5.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9732
Entropy (8bit):	5.599168917600619
Encrypted:	false
SSDEEP:	192:yVF9MIe2N4QKSrxhwl5gCk6pFIOAn3go0iuvx:yVDMILlx+l5Y6pFIOIjuvx
MD5:	FD624AB9CA38B909C2CD1DC310DCCA3E
SHA1:	13C55CBC05686B257374DE08051A3FB4AD111AF0
SHA-256:	A6755A9EBF816F94DAD1CFAE82C246C108CC9545A6D85A70553C5AD661F7AACC
SHA-512:	F829AFBE59AC1EB3BAB061D258B7E43846F793D49CA27E4A044B375C37DC3964DE7E97BA68CF6356E2FB95FEE3194D15ADF5EF53F98B6AE6B13AE3DD132C0FB4
Malicious:	false
Preview:	{"browser":{"show_home_button":true},"default_search_provider_data":{"template_url_data":{"alternate_urls":[],"contextual_search_url":"","created_by_policy":false,"created_from_play_api":false,"date_created":"13264921254314996","doodle_url":"","favicon_url":"http://www.yahoo.com/favicon.ico","id":"3","image_url":"","image_url_post_params":"","input_encodings":["UTF-8"],"keyword":"wavebrowser search","last_modified":"13264921254314996","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","prepopulate_id":26,"safe_for_autoreplace":true,"search_url_post_params":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_url_post_params":"","synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e","url":"https://search.yahoo.com/search?p={searchTerms}","usage_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\7c2e9be0-54c1-4e25-83e0-7a50218dd50d.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	213508
Entropy (8bit):	6.282140637275706
Encrypted:	false
SSDEEP:	3072:8X5MKpm9TOiQj/gH5KfMPXUuse9lBtzwDChQnXR6M6uho598OM5Dp2i4sh:PH9l2G5KEPldwOKh6uyyvmidh
MD5:	F1AC113154E4033D015670BE10D766CD
SHA1:	29EB6A079440A963A8B43452B5336E8A8C3D0B08
SHA-256:	0B8524374B08415C266903F30D712670FB8A624264C81C8256D9A086CFBD4178
SHA-512:	61CC1E90B5263E92EA00C3100ED43154751E68CBC67545BB2D138A256DED6FEB1CD3BCC99313C5831F1261ECB6B6F79F3065545CEED9BF1DACF6555289FB8606
Malicious:	false
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ......M..(............. .................................._AKs.7.#.-.:f=K.............q7...J.3...$.....({&.....r`>J.#..&...L...I...a...F.;Z4J.g6..%..$...a...t.+.m...\|.).S.Z`_.NQS..w2...A.'.l.JbL.'.k...n.n..Jezv.?=H.xW;.~]<.L[O...v.-.`J....l...`...Dvh.:.i.%.y.&.l.............\..KN...7...:.fK........................................(............. .....................................iSGDjn>..x6.GSDD..................i..x7..,.H.1...!.....&.+.x.x..........o6...#......B...2...(...#.&.+.....ZSGD.%......8...W...Q...z...\|...J.DK5Dr^;...,....../...k...s.+.e..f.....=hI.Z^\.MQV.f]C..%.x.L...t.-.`.LLK...\|.1.^.ixxDhws.?<E.YUK...6...B.^eJ.@dT...z.@eOD....q...j...FCG.A;I.N9F.FTP....".i.........<.-.h...Z...K.y.:.z.$....n.x...................V.qDJ...<.x.GeVD..............................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\7c35001a-d5b7-4970-87e1-0b614f228d7b.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	213508
Entropy (8bit):	6.282140637275706
Encrypted:	false
SSDEEP:	3072:8X5MKpm9TOiQj/gH5KfMPXUuse9lBtzwDChQnXR6M6uho598OM5Dp2i4sh:PH9l2G5KEPldwOKh6uyyvmidh
MD5:	F1AC113154E4033D015670BE10D766CD
SHA1:	29EB6A079440A963A8B43452B5336E8A8C3D0B08
SHA-256:	0B8524374B08415C266903F30D712670FB8A624264C81C8256D9A086CFBD4178
SHA-512:	61CC1E90B5263E92EA00C3100ED43154751E68CBC67545BB2D138A256DED6FEB1CD3BCC99313C5831F1261ECB6B6F79F3065545CEED9BF1DACF6555289FB8606
Malicious:	false
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ......M..(............. .................................._AKs.7.#.-.:f=K.............q7...J.3...$.....({&.....r`>J.#..&...L...I...a...F.;Z4J.g6..%..$...a...t.+.m...\|.).S.Z`_.NQS..w2...A.'.l.JbL.'.k...n.n..Jezv.?=H.xW;.~]<.L[O...v.-.`J....l...`...Dvh.:.i.%.y.&.l.............\..KN...7...:.fK........................................(............. .....................................iSGDjn>..x6.GSDD..................i..x7..,.H.1...!.....&.+.x.x..........o6...#......B...2...(...#.&.+.....ZSGD.%......8...W...Q...z...\|...J.DK5Dr^;...,....../...k...s.+.e..f.....=hI.Z^\.MQV.f]C..%.x.L...t.-.`.LLK...\|.1.^.ixxDhws.?<E.YUK...6...B.^eJ.@dT...z.@eOD....q...j...FCG.A;I.N9F.FTP....".i.........<.-.h...Z...K.y.:.z.$....n.x...................V.qDJ...<.x.GeVD..............................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\808f8323-a8a9-4472-a569-bd35c0ea4ac9.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7019
Entropy (8bit):	5.367480492906299
Encrypted:	false
SSDEEP:	96:ncmU5D5V8VpuhJ6HOHcwR0MoiVmdMdffhVSjpsA5IOrMn3YPo0MG6+ykVTAiDw8:ncmcP8rYAuHv0Ml6pFIOAn3go0iy
MD5:	FFBEA07FED3F34657D16E88D7187B9F2
SHA1:	49875683885D3AD27A815A19E42F4AB4546EDEFF
SHA-256:	03160E85A83CE7C643330007E96C3203416694C75234B20500D1BA5207CDC49B
SHA-512:	8D57A4C2905D2D71ECDB3C8267F5EB48712FAB2BC414EA00A40ECFA8AB76804F7C0274C90152BF48F5B76AE379382FCC9BC53328152D77C39894CD2837085C13
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13264921254888192","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13264921254553502","autocomplete":{"retention_policy_last_version":1},"autofill":{"last_version_validated":1,"orphan_rows_removed":true},"blocked_cws_extension_count":0,"bookmark_bar":{"show_on_all_tabs":false},"browser":{"default_browser_setting_enabled":true,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"domain_diversity":{"last_reporting_timestamp":"13264921302455860"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chr

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\870f7c6c-6614-49a3-ad5a-369b4c5a34af.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	59
Entropy (8bit):	4.619434150836742
Encrypted:	false
SSDEEP:	3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
MD5:	2800881C775077E1C4B6E06BF4676DE4
SHA1:	2873631068C8B3B9495638C865915BE822442C8B
SHA-256:	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
SHA-512:	E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
Malicious:	false
Preview:	{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\9a2fd98f-54bb-4579-9cf3-e6c3e219ca86.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	213508
Entropy (8bit):	6.282140637275706
Encrypted:	false
SSDEEP:	3072:8X5MKpm9TOiQj/gH5KfMPXUuse9lBtzwDChQnXR6M6uho598OM5Dp2i4sh:PH9l2G5KEPldwOKh6uyyvmidh
MD5:	F1AC113154E4033D015670BE10D766CD
SHA1:	29EB6A079440A963A8B43452B5336E8A8C3D0B08
SHA-256:	0B8524374B08415C266903F30D712670FB8A624264C81C8256D9A086CFBD4178
SHA-512:	61CC1E90B5263E92EA00C3100ED43154751E68CBC67545BB2D138A256DED6FEB1CD3BCC99313C5831F1261ECB6B6F79F3065545CEED9BF1DACF6555289FB8606
Malicious:	false
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ ......M..(............. .................................._AKs.7.#.-.:f=K.............q7...J.3...$.....({&.....r`>J.#..&...L...I...a...F.;Z4J.g6..%..$...a...t.+.m...\|.).S.Z`_.NQS..w2...A.'.l.JbL.'.k...n.n..Jezv.?=H.xW;.~]<.L[O...v.-.`J....l...`...Dvh.:.i.%.y.&.l.............\..KN...7...:.fK........................................(............. .....................................iSGDjn>..x6.GSDD..................i..x7..,.H.1...!.....&.+.x.x..........o6...#......B...2...(...#.&.+.....ZSGD.%......8...W...Q...z...\|...J.DK5Dr^;...,....../...k...s.+.e..f.....=hI.Z^\.MQV.f]C..%.x.L...t.-.`.LLK...\|.1.^.ixxDhws.?<E.YUK...6...B.^eJ.@dT...z.@eOD....q...j...FCG.A;I.N9F.FTP....".i.........<.-.h...Z...K.y.:.z.$....n.x...................V.qDJ...<.x.GeVD..............................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\AccessContextAudit Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	0.32159919421193234
Encrypted:	false
SSDEEP:	24:TLi0F62+0HL36UdoFpGHWk6UwccI5fBIzMs3aFMyrMsOQKqML:TuoSphrU1cEBZ4aOriYL
MD5:	920203CB26FF7C77B722C4F3B2D9BA6A
SHA1:	AE52068B8D49B06938E955C9CA9C477F66440C99
SHA-256:	4EB0C842F67B9393F9905F6A33D49EF8494BCC4AFFA13AC35D1BAD60F5572268
SHA-512:	20410D195F1DF11976B9D9E149C198D116BC2E15A817F75BA55A955AC148356C4F836F9D39E1E37D1B9D3B9901F013211374F4EDAA30D55D05675A46706ACEF7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................G..........g...<.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\AccessContextAudit-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	17988
Entropy (8bit):	0.13781587759287528
Encrypted:	false
SSDEEP:	6:n+/l/lIAaQeIGcEl9lUriqMOLKKLceMOwGeaFMOLKKLSy/l9n:n+t/l3af0/MszwvaFMHK9
MD5:	18C08F3E5585B2C25FAE296561DBC97A
SHA1:	AAE46BEC8C97081EE139172E8F189BE85F2822D6
SHA-256:	EB4493EFE68E5E0A82403B8AC0D16604C39AB38FEA6CA4B4E48F71558F919A75
SHA-512:	D6DE072AAFF55E3D57B889AFAB47725D02DEB0B0220E0C329F35B20BEA69D576A8D710FED9922B49E4A50B4C8C3D94D552C96D6FC1330790B0C5F5BDEF0C1466
Malicious:	false
Preview:	............o....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c.................jw82............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\data_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	31808
Entropy (8bit):	4.041685180046586
Encrypted:	false
SSDEEP:	768:ik1YQat99lYoYuuYBYKpYkIleYUmxiB09XoV1dEf:ik1YQ23tnXIgmvZ
MD5:	7A597BE9ECB9C286FD8364E550606AF9
SHA1:	01EEA17A828CAED4A694BC5562A6EF18420A820C
SHA-256:	B02E48D2AE8A4E639CC618D7061CDBE0BBA5A1D4B5966F7543EDD0296E580F56
SHA-512:	19E657BF71D4237BE1CD7F286C53AFBF396B869809D87763FAADA9AD1020E96D8F6B4023A558B4A12933FD7C0C74A5E6C9522E6C4741C37BFA569E63D3D45C89
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\data_1 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	43771
Entropy (8bit):	4.0958745292286025
Encrypted:	false
SSDEEP:	768:XNHKXXlV2yB24X7XLAGhra2vcCn2iFCFiVnTw9MqD6DJDWWMpSy:dHeb5TLvuv8d
MD5:	86EFEC0A1912826C17890079E77D1C6F
SHA1:	8844E4D6AB5760811B6A3C3A989506CA85A115C8
SHA-256:	13968A7FF0D679871081D74B610F53303187644A56BCAAE1169F67B5D423374D
SHA-512:	1F52B0C1F6F58710AAE23337102637D1AAF54799056B46A32905F9F71B686CE5FE499AACF87E7A6448CD809E04439CA061F345BF41361FC5007E075256CBB6B9
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\data_2 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	20654
Entropy (8bit):	4.9668888174491554
Encrypted:	false
SSDEEP:	192:Z1RNp1YhadspEC2F1SGwGo7hMOMZ4fTz0L3CGTlj3DJCiXRsVJBddNDuYUWpAaqG:ZizNwAGwllMefX9GhBCEudUWpAaqCN
MD5:	0B32EEAB7DBC3B8B264E59A894E04DE6
SHA1:	BAF84F28BA7B5DE3AEC592D0D054109525177D72
SHA-256:	4C7C1D9F70C7C7CDCE77C9FB1D4C077B30CABA7EF1559766780105B904DC877B
SHA-512:	0A778C5A1445803F0790E7B8FF3D5A8F03DE0E0DAC0BAC01F5FB72938F2242638FA90B9EC7AA71C53FE62B32DD27A6AAD3E4D1C9D6D4601A786C31281DE993E7
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\data_3 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	228547
Entropy (8bit):	7.2650060177723566
Encrypted:	false
SSDEEP:	3072:ekMJsd9WiCJsQ9zJs57kmJsZJs/JsAJsiJsLJsjo+HkyJskJsBXmJs/JsfY7Y:Y89kv9Fa7kIKEnps2vHkUzQY8o
MD5:	372C2CB3E5F620FF3464BCC389847D58
SHA1:	4B30B10D452F71A04D25A4FBD7D2891A7C33AD18
SHA-256:	3E4DA90E5C543A0DB3BF4E1CF1FD544C047961FE04ABEE900049AF7AF936CCDF
SHA-512:	3CF0B3D030F5E30D953425544EE49473488BEBF0D03FC80B9A488A47D35F99EA6C13D1E545BD886B1FDE485A39AE5BC289C4B267371FAB8549EBB785307FFC15
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	77668
Entropy (8bit):	4.883661691945962
Encrypted:	false
SSDEEP:	768:PXqsK2JWKLmFBiolfvcDYj8BgRf9gifLACrTzisnQGgO48BgF11/Fm7Nq2ZWsOKR:PxJWvFBiolfvcDBBgDNjzgJ/KaNU
MD5:	5CAAB41C46E9B73DA2966366BD58DFF8
SHA1:	8AC606F00EB92EA00B6DE9A2D5B7ABBDBAEE431E
SHA-256:	970925147A0F5D3D34CF120CFDCC4A21A0B36FC1B6FDCFEBA860E1BCFF1E503F
SHA-512:	5D28E7BC59B6B419A10F54D226088B97872FCBCC1D03C82809B1E77D07B563A1E03AD8297CEED60CEC9EEA000556F171389ACEB0EA9BA210CE63CC4D0FD75278
Malicious:	false
Preview:	..<!DOCTYPE html>..<html>..<head>.. <title>New Tab</title>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta name="description" content="">.. <meta name="keywords" content="">.. <link href="/Content/css?v=hvDKstYYf95bgG1D4zC-O6L8q2To8oo0ao1-hEF9XhA1" rel="stylesheet"/>.... .. <link href="https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900" rel="stylesheet">.. <link href="https://cdn.jsdelivr.net/npm/@mdi/font@4.x/css/materialdesignicons.min.css" rel="stylesheet">.. <link href="https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.min.css" rel="stylesheet">.... <script src="/bundles/modernizr?v=inCVuEFe6J4Q07A0AcRsbJic_UE5MwpRMNGcOtk94TE1"></script>.... <script src="/bundles/jquery?v=sR2Y3C1DfDKX_L5F4SIzzUDsGAArU4Yr1QRaIlz23bo1"></script>.... <script src="/bundles/bootstrap?v=M4Nk6kIOwMFflsEKET0iPL9i5YBqbzMzvUOrd8gyCnw1"></script>.... <script src="/Scripts/ntpwave?v=RkW

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_000002 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	gzip compressed data, from Unix
Category:	dropped
Size (bytes):	37279
Entropy (8bit):	7.990660624726674
Encrypted:	true
SSDEEP:	768:tyOZdmFDKWB8i90wbRy6kdXkwk249vsD/kJYhfMwp6q1ovoEdvZ:VZdcKWyiCKRy6OUf+gJcfMwUoEdB
MD5:	CED9D5CB041C7426F9C832A05A9DA490
SHA1:	747F551DD11FECB6F64C82DF8DBAECDD0192C064
SHA-256:	32AEB188222DF7D49CD3DF40D8DC05A3C93E3F2D9F17D930A7AD10FDFAA8B87D
SHA-512:	9ABF24C2AC5712926B6C15A4F57740FACD4FF904DAC230C10B11ECC5FC06780BC52B1136FDD2A60C25B438FDFA964456716D7946FEFF635FA8FDF241B1742328
Malicious:	false
Preview:	..............J...*..@..(.. N.(Ts....o(.!q.$j.......T....c.E............z....=v.....~....O;wc.^....\|....8...{...z........?.?....<.\/..Gw...g7.......3.g....o...}....?U...6.....Gw;t.Sw....>.>.......?..........I...VB.L.3...U.................i..v_....y;..:t.x.?.......O.k....~....p................R..G...%.........n.......j.....K.Wn.9Q..~.5..0.....W.v.N....v...f.c.9..k..p..vs7../_...%s.......x._.....=..=.G....@/.a.>............s;.@ ...K....=..i.=.~..Y.. w.n...wZ"d$v..RREQ)..2.7...D#@#....Y......E.q..].7..EPA..NM.......`..z..=.I.JC...\.v[h.\...n...e.......R.Y.M..f..l6c[d.Mk...n...?.d.Y..&.ej...QV"......u.^N...B.p...2X.m..(......Q..L.......WUi...... .R(....../..D.y...c?.i....`..8..{.......b)@.Nc..O...@O.a.(.p.U:.{..._p.q:...?.td...NM...,.....E......+.o'~...b...+.7.=.\....4.S_Q.'...{.I....dS..Y.i..;=vK...[.n..Ij.....\.ym....<.........[.a...v}IaX.Qe.....v....m...z\AS...."...~m.n./P.......v........J..........<....m}`.......z..R.n.?.b.9....n.o..C.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_000003 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	gzip compressed data, from Unix
Category:	dropped
Size (bytes):	34100
Entropy (8bit):	7.9910561043373995
Encrypted:	true
SSDEEP:	768:JC9coQR2Y3vMRgSIR4NvbefSRPdGz5DzfAv1MBX/VWh/mvdJ:JCytNkRCRWACVGV3Iv1g8dmf
MD5:	45AAC8E03EF041062423A5398C2D6FBD
SHA1:	2995E303F2E1DF3F2BF02E2A54A27A5324883AA1
SHA-256:	00F61D97032ED678C35DA891D5373086CECDCD05CF440732EFE55B18C3CECE35
SHA-512:	EEBB99B4BAE1F9C8BAFF48D3DA0F0EB0C01B6D83F0A4D66260E55ABEF173006A557B36D0DB17B7CEFCF8FC1D32E5170933C147EEA94ABF096F2BC6506CF11662
Malicious:	false
Preview:	.............z...&...B..Q..%ZJ...4.c.v..Sl..dm5D..b.`.P.,....Z.@.._......5..j.{......._e.?..G...~..p..\|}p......>.yr..;..+\|y.-...f;.b.U;.E.......4+.lDY....\|UL..,.L5.mP...M. I..eV.w.O.j....."........D~F:k.Q..j]MRzoO~G..l".a..a.d.u.-....:6as.....:......r....v...ww4...s..n....Yt[e.v..b.$..~,:.....}..$.r....'.7U.uP.....V.\...v.YY..x..Qn.-.i.^... 5S....QS.....^.K=;R..K..4],(....%P..,......^...u............eY.ZR...^^?...Z.....3.j{......O..^....k<...aU.7..._.B;.[ss.QO~x...HV1.S>...Ql..Z..NHf'"._./i..,n\....9M...f..U....HUI6.......DO....j....b...Qq\..''......[7......:......&..v...3K.aP/.FM..eYdE...A....cv..l.8.....r.....cv!C.i.t.e...UN ..9M......#....@.F...\|.......Z57...iS.u../%..?w..3.f.......8Y.C.$.;.;M.....{..,9.{.5.U.r..NU...5khy~^....A..6.....EZ=l..]nH..w............wG..k.....Q{....0?%OuYo..h.'.C.o...F....m!.P%iu...-V...+.&........&l....,m....m.>..JE..y..M.Qz.$.z}0vG.d.o......@."......?.....V.;.z'.u.2...1%<h...`.7..F.t.......8

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_000004 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	141295
Entropy (8bit):	5.22069146855271
Encrypted:	false
SSDEEP:	768:rIXAf/ObBf+BAtShGHDktShGHDYtSCztStJ7L+nIMnf/kv4PERdIXngxdWyrERdZ:QAf/ObiAvHDkvHDYzz4d6lv
MD5:	6036FA3A8437615103937662723C1B67
SHA1:	BAEBE07436502EFA9075F80DB98F6753CECBB08A
SHA-256:	4EC6A69515CE33AE4F7FAF7E30CF4622B90F510B1C2C3BD08E05FAD04A6E59F9
SHA-512:	0453F1F1B6AE5DBA7D4BAB53CB31D5590D4107A3C239F6DECDD1B27DCC3ECF203CC43BF8A089B341FD83434F04511673940ACF2118DC2FEACF1F19C39D342973
Malicious:	false
Preview:	/*. material-design-lite - Material Design Components in CSS, JS and HTML. * @version v1.3.0. * @license Apache-2.0. * @copyright 2015 Google, Inc.. * @link https://github.com/google/material-design-lite. */.@charset "UTF-8";html{color:rgba(0,0,0,.87)}::-moz-selection{background:#b3d4fc;text-shadow:none}::selection{background:#b3d4fc;text-shadow:none}hr{display:block;height:1px;border:0;border-top:1px solid #ccc;margin:1em 0;padding:0}audio,canvas,iframe,img,svg,video{vertical-align:middle}fieldset{border:0;margin:0;padding:0}textarea{resize:vertical}.browserupgrade{margin:.2em 0;background:#ccc;color:#000;padding:.2em 0}.hidden{display:none!important}.visuallyhidden{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.visuallyhidden.focusable:active,.visuallyhidden.focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}.invisible{visibility:hidden}.clearfix:before,.clearfix:after{content:" ";di

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_000005 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	gzip compressed data, from Unix
Category:	dropped
Size (bytes):	64255
Entropy (8bit):	7.9918037834903695
Encrypted:	true
SSDEEP:	1536:WAU7JtIBVCDlm1ccpb+xZ7zoudQOtltDAsgoSuUe:Wj/YVCsqb7fdQOtnDTMLe
MD5:	E6E3C9BD6AB0153A53CF65585D780EDF
SHA1:	C82D6A9AC252A9CC11591BD36DAD9FEA64BE6720
SHA-256:	E7FE1607953DE990108B5C6EEE48182915966B8CEBE36221669BB46EBBCD7481
SHA-512:	514E82FEEB9C31D95A0D41C4F6FD34BF4664A66203E29959C2A46BE2730EF99B1389AB8C96883E8444ACF727057C555DF1815A310189F1C192C9D965AA609D59
Malicious:	false
Preview:	.............cK....<E.....(.h.L......g00.1..+...\.%....e.Y.h~...".A..U..AI...7..#C......_.............y.e.7.....?....v.V>.Kq......-\|._.........x.......+.k.._..O..\|/......q..o......[.G.....-.\|=.._.n/...._.l......c]}.%.O.....Q...$?..q.......\|.........dw....4.N....\|......N.j..eq.....>..v....t}.v........u.,....+C..u..yy=W..[.FP.55ZEBA......_.}l....\|..2).i%.L..V.{...nE9YFWD.BX...o.s..&.... .%..h."...~?....._\|p...i.C.....m.....bu.....j.F...Y....\|=..O...}p.....C..../.K.e.bu.......Z..>...5.9......d..(N?...........3>".bm...G...[.3..j..m...bm.......k....9N..v.m=-.~.~.z...\|...wl....\|.--N.~......V.>.....l).-\.m...OZ.V.>....l.X.......?8...i.}.c.~..J...k[?..@?.9)..c.K+.mV..0K..j1..4b.Q(..].(x.B.....".u........cH...#........\.....d...{0.E ..@....j..<%)..`.....@. ...b...>)..`.h..[..@...M.V..$...P...`.../...,.,.O.H.......0O..hf....5.~Z.n.`...j.J.D47.i..I>-V.....j.J..jNs~...t.#\..P.../...t#..R.n?`...._._...e..?-V...a..._._"..e....F.........OR....c....l.x.O.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_000006 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	39393
Entropy (8bit):	5.143094321164632
Encrypted:	false
SSDEEP:	768:plrmwl6Ml+UGN8KRU1hOT23avtwbRtfi61Omv463bv:BnAM3EqitL63bv
MD5:	EEA0627622CCE270130CC24C0F738CC2
SHA1:	6A61C82CE4E69F08FE7A27EA5DD6E91DAC331A77
SHA-256:	A71FD6207F6416A9147EAB09C1CAFE22C8104507DD6391248EA2921BF7D8D78B
SHA-512:	FECC843F98526C92FFB3482D6FA36ED25532800642061F1E599C30AED15E7636FD65E714013947D11ECE1929112C282F8B9B56B60480F47A4AFE75FBF2AC3170
Malicious:	false
Preview:	if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");!function(){"use strict";var n=jQuery.fn.jquery.split(" ")[0].split(".");if(n[0]<2&&n[1]<9\|\|1==n[0]&&9==n[1]&&n[2]<1\|\|3<n[0])throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4");}(),function(n){"use strict";n.fn.emulateTransitionEnd=function(t){var i=!1,r=this;n(this).one("bsTransitionEnd",function(){i=!0});return setTimeout(function(){i\|\|n(r).trigger(n.support.transition.end)},t),this};n(function(){n.support.transition=function(){var i=document.createElement("bootstrap"),n={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var t in n)if(i.style[t]!==undefined)return{end:n[t]};return!1}();n.support.transition&&(n.event.special.bsTransitionEnd={bindType:n.support.transition.end,delegateType:n.support.transition.end,handle:function(t){if(n(t.target).is(t

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_000007 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	99938
Entropy (8bit):	5.2457054011328825
Encrypted:	false
SSDEEP:	1536:8u7Yw2i2/pdUT7ZUniaohKocxwdenIAfjrDvaNnH0iJbzoTbOpoW6BNmGQK/0EiD:bIDaRSTqpGQK/0ND
MD5:	5D1FCB89C1E981268ABFA24DCB17AF22
SHA1:	D91356D7D885FA3E9D1237E9D63C78D4157AAA03
SHA-256:	B34346612F448F435ABA57B166CA340692DA19B88B31B92C8462EEAC7C92F352
SHA-512:	251AA4DDEC4BCC3665E28D55A9118B54C7C5D25E65F85E133382E9EB22358388F7971DBBC89506E91DF0A4BEBEA15BE14BCA6FB0F2BA9FF816C1E5AF160B5085
Malicious:	false
Preview:	function getCookie(n){for(var t,r=n+"=",f=decodeURIComponent(document.cookie),u=f.split(";"),i=0;i<u.length;i++){for(t=u[i];t.charAt(0)==" ";)t=t.substring(1);if(t.indexOf(r)==0)return t.substring(r.length,t.length)}return""}function setCookieNoExpiry(n,t){document.cookie=n+"="+t}!function(n,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=n.document?t(n,!0):function(n){if(!n.document)throw new Error("jQuery requires a window with a document");return t(n)}:t(n)}("undefined"!=typeof window?window:this,function(n,t){"use strict";function hr(n,t,i){var r,u=(t=t\|\|f).createElement("script");if(u.text=n,i)for(r in df)i[r]&&(u[r]=i[r]);t.head.appendChild(u).parentNode.removeChild(u)}function it(n){return null==n?n+"":"object"==typeof n\|\|"function"==typeof n?bt[or.call(n)]\|\|"object":typeof n}function hi(n){var t=!!n&&"length"in n&&n.length,i=it(n);return!u(n)&&!tt(n)&&("array"===i\|\|0===t\|\|"number"==typeof t&&t>0&&t-1 in n)}function v(n,t){return n.nodeNam

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_000008 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	150338
Entropy (8bit):	5.155620636023068
Encrypted:	false
SSDEEP:	1536:FbNQtwGIuiHHsAm88lz12XdOcciHy+4E6kqbsCrj:Oe5ZciS+96kqbsCH
MD5:	4F90B11D2ABBCB1B507A3F46BDE14BBF
SHA1:	556E1BA533892F60C51C0F8FD6D405C142D0FA17
SHA-256:	00AC29C4E5C9AE21C6B5421C5A97333C2848A9D56D0E5A5CFF8BFCBCACD3004E
SHA-512:	ED833D1787814F2997A9CDBEF9BAC7AA7D2385A77FA4A708430E682D10AB1A7C28E30F6DA4B3A3368E38A3617CE1A211466408B0F4A875A671BA7CF99389788C
Malicious:	false
Preview:	html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;-moz-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}co

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_000009 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	49648
Entropy (8bit):	4.3130306531912534
Encrypted:	false
SSDEEP:	768:XIQM6NAnQtW//24tQw218+1qQtW44om2m:XIJ6NADtx218+1w
MD5:	F88BB796BD8AECB43D6F4E040B765264
SHA1:	1E3D52FF0541F1FAA34E2814C43FC8C08F6AE9AE
SHA-256:	D61E1001B6ED7D864719899224CD8FA61E9C832B58C884EA983FBE36F070B450
SHA-512:	D7224AF8123B7AAB026069ED89A1D4B3EA307669B7BB0B5B483FF5A84A25806651F991D73927141FF1744A8512691453E9F9E793CC023A70C22D852F19E28FDB
Malicious:	false
Preview:	/* Minification failed. Returning unminified contents...(451,9-14): run-time error JS1009: Expected '}': async..(451,9-14): run-time error JS1009: Expected '}': async..(451,9-14): run-time error JS1006: Expected ')': async..(348,39): run-time error JS1004: Expected ';'..(451,59): run-time error JS1004: Expected ';'..(467,39): run-time error JS1004: Expected ';'..(495,10-11): run-time error JS1195: Expected expression: ,..(497,22): run-time error JS1004: Expected ';'..(502,10-11): run-time error JS1195: Expected expression: ,..(503,16): run-time error JS1004: Expected ';'..(511,10-11): run-time error JS1195: Expected expression: ,..(512,20): run-time error JS1004: Expected ';'..(516,5-6): run-time error JS1002: Syntax error: }..(517,1-2): run-time error JS1002: Syntax error: }..(517,2-3): run-time error JS1195: Expected expression: )..(2,5,4,6): run-time error JS1314: Implicit property name must be identifier: created() {.. this.buildQuicklinks();.. }..(5,5,9,6): run-time erro

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_00000a Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	gzip compressed data, from Unix
Category:	dropped
Size (bytes):	257232
Entropy (8bit):	7.998384916661098
Encrypted:	true
SSDEEP:	6144:GYTs+qCfww4tlCmR2ZKWgsvxy/YlrqbOC4W1:G6s+nd0lCFRlrAvf1
MD5:	C92EC4FB349E2A85B5AA6749BE6FF68E
SHA1:	88EDB666E35DEA0A0AE9DAA64D4AF890379401B7
SHA-256:	4C55D26AE84D50BD49F36581CBCAC62E16AD05715841EB2ACBEAFCE3A4077C96
SHA-512:	D2C101119E5E98ADB2E13C65B4A3B8D77B02BF9BDFB350EC864678BE141A905CE25015B56A15AF7DCC22E2EDAD2B89904C32542E4C036B2E9F37BACA3C5B1B4B
Malicious:	false
Preview:	............w.F.(.......%....Ifr.q.~n\|..[.L....HB.. ....5Y....U..~.x......DD?...........tY.Y.\F.M.\|.s._Dy.&...6..F.q.C.a.e.88..e._...n.!>..W.(;....,/...... [.=Z...?.#..kl.......x.TU......m.<..\l...................`.<c..W.....c;'.x.A.....~\|..mT.W.'.`.Z...2.....8...Qr...).z5....YP....^.t8.....O.........}......?.\|6g...07yTn.4..5....Ue..........U.y...j.....Gr...<"..a..iQ.I..8......P.r...S#!%.......(=..._.`d...'...=.P.o\0....dm..e.'.yV......$...j.m..(,. ...RB7..U..A......a.....H.kg...w..x.......%2.5S.(fl...x.....C..1..><S.7...`h...hA....J.U..<..(<a.$Y..V.@.!..Qeco..Cs.1.5.[......S....b...SPd....C....P@{04]....UK...Y'.......A..,.\.Fp...y....J".....N..e....o.Z.l...5...G.Z....r...M..Wv...Q.]Gy.H....B1...8....\|Q.j>....!..rr.r\t.....z.%....L.3-.we..gG.YK......d.4...BN].....i.&.j...K.O...Ng.....f.e."..#.?...^..}e5V.X....Q~.:K.`...G.BD{....og.....y.....VW.........":./. ..-...JJI.)...&.....w..<s.u..G...R..#"A..,...SM%;z.=5.QE..'.a.M..`....Y.O.).-K..I9...A.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_00000b Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	82054
Entropy (8bit):	7.558994326864574
Encrypted:	false
SSDEEP:	1536:M8O/55JwdOzQpQWlFI8oWubqZyACqPkk4yN0Q7Kqe/9tRqzsqe3/lQd7Q7hqYqqG:/AJwMzuQWlFIpnbfACSkk4yiQ7KN9tkR
MD5:	8E6367806DD66A70CB1DCCFBFA959D93
SHA1:	74757AF565F685D7CE813BB0601B0E0C69465A7B
SHA-256:	97DCB049AD634D583B9F3A5BF8A9528B5E9B73EC00FE3DDE65E544A7C5885249
SHA-512:	7024562AE7D105BC54CACEC51CCC1FB7F54E300AD9290E4114084CCEC8D6978B986F7D66ACB95614154BD1FA314372C25DF4BF2FB29048F2F9AAAA1610A6EB68
Malicious:	false
Preview:	. ....T...&9.w...ch7.q.V.^b.x.^.... ..z`2....x..d;\.g.........z.q. ..R.(".k$..!.....c..?..".0.Fo.. Z.r&.=.0.b..#.c..F..Jd.O#.F... ..A8.g..4..I).. L.".1x.Ja/.YC. .M<.F.~:..s-....&..x...e.,..Y.}6. .h...L.$.WD.^.5z.....\.E6."..R. ...]..Ltx..}w...&....+.....3. .m6B..c...._./i..I....T...$..b... x.MR..?...:..D.qN...i.Oa..m.. ...o...2ZG..3u..+.P..A..v...._;. .._M.c..UQ..f.0u./.........!$f... n.~IH\|..\..p.3l.@F..w.Vd.V#..:.. ..E.No.X6...h.V.P..!.........]%x. !W..M.;Dr....O%'.E.Q.4....$.2_. . ?:......A~..{..]4..z.Y...bl-..u. .BV..u.owp....n....ws2.S.9..Lj.. .......~C.5..PyP....F.7......A. .._.<Y..DS....^.v.....'s.j.... ..Omql.l.l.iEnh..8.b..A.C..X.... .V..I....._...yn........T..N... &Fz..5......yP.x....<.....H...2. ^.H..(.qQ..o..)'s`=.j.....r..B.. ..C....#.W.S.Qwg..a...#.2RM0!... m,.v..~wM.%:..../S.+.p.........Z. t5...]s.X.\|Q.8s)..D.....>V..3... I{........c.2.F.N..%.I.D.....9. C..*.B.....Y.....U..&K1...Ar..D,. O.......E.!.1.........K........ 3m.ta.3.P.g.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_00000c Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	62491
Entropy (8bit):	5.228810918702033
Encrypted:	false
SSDEEP:	768:rNU8HmbIAXhaE1cmVSC5TybniIhf9SNQ5AY0oLyTuWkxorJj6EkUcFcdcWlht:BUZj5TybniImNQ5DsmEJht
MD5:	713AF0C6CE93DBBCE2F00BF0A98D0541
SHA1:	1AB50540032210391656928CD1564530353096CD
SHA-256:	3C27EEE3E7E742BA78C0D9956E337579A5F82DB3AF39E8DA6F450E8632DECEBC
SHA-512:	98F605446920AD7BC8428F5E30A8EFE6FBB2EF78FB9175DE965963DD6E3D9D508A6AB055394C4D6A2D9D9EA548A7C4279D54BB00A1F0745C9949589B4AA5AD93
Malicious:	false
Preview:	/*. material-design-lite - Material Design Components in CSS, JS and HTML. * @version v1.3.0. * @license Apache-2.0. * @copyright 2015 Google, Inc.. * @link https://github.com/google/material-design-lite. */.!function(){"use strict";function e(e,t){if(e){if(t.element_.classList.contains(t.CssClasses_.MDL_JS_RIPPLE_EFFECT)){var s=document.createElement("span");s.classList.add(t.CssClasses_.MDL_RIPPLE_CONTAINER),s.classList.add(t.CssClasses_.MDL_JS_RIPPLE_EFFECT);var i=document.createElement("span");i.classList.add(t.CssClasses_.MDL_RIPPLE),s.appendChild(i),e.appendChild(s)}e.addEventListener("click",function(s){if("#"===e.getAttribute("href").charAt(0)){s.preventDefault();var i=e.href.split("#")[1],n=t.element_.querySelector("#"+i);t.resetTabState_(),t.resetPanelState_(),e.classList.add(t.CssClasses_.ACTIVE_CLASS),n.classList.add(t.CssClasses_.ACTIVE_CLASS)}})}}function t(e,t,s,i){function n(){var n=e.href.split("#")[1],a=i.content_.querySelector("#"+n);i.resetTabState_(t),i.resetPan

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_00000d Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PNG image data, 400 x 236, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	168337
Entropy (8bit):	7.974307496743333
Encrypted:	false
SSDEEP:	3072:omgmnCqU/u4Ap48wXMf/fhDTbe5RFQ36yC6M+anyiaS6WtJd+27+hlvp:oNmnCbsp48IMvFTWK36yCd5n3aS6SAlh
MD5:	CED45A8465E55F2D5B52BC68D0F90A72
SHA1:	6D9205B12C5BDE3FC881CF0D2A647B71B3B8BB4D
SHA-256:	D6D05AA79A9D2A384EAD0698E6A8CE9980CC4D9F2440805C84BE4DEE7E855399
SHA-512:	8ED79EFFCA28E961178F6514F5A35BA6D3C51B5592ECBBF2B0899ACEE9E5BAE7B46F3755A43CFEEEDDA4D1B579F368AE917A59E0922F8ECF8385EC7A8EE16B0D
Malicious:	false
Preview:	.PNG........IHDR.............Z(....4.zTXtRaw profile type exif..x..[.$..e.m.\....r.. 2;...9.Y..M..tfUFd.....W.UU.......o..[.-.+..J/..W...7......N....w..~..."?z.......k........0......?...?.CO.>.....y..".?...\|......\|..M............[.......<.....O..[..<1.'<7..'........7.?../............w.t......?.J..~S..{....y1......................}.......sV....TX..gR.M.........V.].?.}.~w~...}..u.....z.l..).0.......!..c.k./{...Sc..s_lf.w8..W.]....>.4.},.{n.....W..1.aAS.........s\..\L.>\|...F.0.9..UlH8..Q........}}...-sc....9..-...6...?_.u.....gg...v.......XC`...3.....'[.r..Q..<..i.g.......?.......58.{..6......s...{..)..RJ-..OM5.Rkm....Zn......?.c...z.c...'..=x..3.g..g.u...x1.7..-o}...w....N...j.....v.y.]w.}.....O9................_........[k..#.p..3v,...Ww......BJ.r...G."GF....1v0........s..oWJ._...........;._.....2..s};.........Fl....z...`.i..XriO.{Y....X..Kj..>Tk\|V.O..'.w...~YC.q.R.V...............@..y.#.\|.}...o..;....3C...{y.f......N=.H'.......Z

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_00000e Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 102728, version 1.0
Category:	dropped
Size (bytes):	102728
Entropy (8bit):	7.998006256786191
Encrypted:	true
SSDEEP:	3072:Z0hMAay5hrFL8GvU4yJDpzdbbLSN6BqxZCTN2DQCLPg:iV3hrx5vU4qzFWNUqxa4DRI
MD5:	8522AEAE76B6A9B06CC4AA02DB8CD1D6
SHA1:	979A0030A8805BA7231EB185BCC5434D1D3A2C69
SHA-256:	9EE528FAE3270A18F9EF02E08BAA054B2A428D449190346A68AFEFEB047FA6A6
SHA-512:	6E4544DDED7FFDF0E19DED8404B912662264511A509DC352FEEECAA6EE71C5FC1CBA15C861EA6A2161FE15213C30A189A9AA9B318607CE33A30FC8ECE1B1A7D0
Malicious:	false
Preview:	wOF2.......H......g ...................................V.`..D.......4..f.....6.$.... ..z. [.\|..?...{....W.....U...c;...T..UK....M.........;.......{...V..wI.9......_.p...:.E..1, ,b$(.>.$c?............k.../tI.,.\..._a...Z.=..Z.Z..$.H(.[k..7.o&...#....p.o..C..S..m;.5u..~-..\|..K..-...`...,Z....M.@.J.i..5.I.HZ#.,.1.....Y.c...Z...?~X.Y.K.w{.YN.>..:q9@..b...~../.@./.d.yxb"-.(_.....{.lu/.3.lc.!)..<I.T.'.i.\.!y!9A.....@..%.......<.e...0.X..f.5....T.)..[..1&.w.#.%y.O.B<...s..Tq........S{%..Irl.u..Er..}....l.........\..&l.....L.........b.....w'.`p.....`4...y......."..k.#...OXkA...g......C.w.....O%.H.,..&.(..E4..C.(........g.}.Hp..T...\|.....):.....P.Gf.*..n^ ...?.'......Z...2.a...$.T.WM.........B..Z...:..@.O.X...n...e._)..d.e{.8..$.f2.{n...N.^"./.`..R...u.....2..{3.I.P.......qP.."..5N..nI...T...DDJ..aS6A.j.8-.2e.;wX.....G....(u.C....!.Y..=c..3.[7..a.....1.L^.mNI)......U4[...1...c.'.ADDD\..!"n..RuMuU......L.....w....QX.$.B-.....Yj<........hk+.i..0.\

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\f_00000f Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	32038
Entropy (8bit):	5.104352236785294
Encrypted:	false
SSDEEP:	384:9FMKxxje8gZryMDXe3ibKSo3MdXA1SPrQHg4M:bpr68gVy1i2SzdXA1wrQHg4M
MD5:	4859E39AE6C0F1F428F2126A6BB32BD9
SHA1:	1C0C85678AE963BC96D0B7FBE1EB89074CF1FBE0
SHA-256:	A94F8A8553CAEA8430DD4CA3CC01D4E318D19828F74CB65453FFB7F5D9E2F44D
SHA-512:	97541B40D8BEAC0DD8831EF8D2814EFEF10CFB185DF316E05B4F3AEF0A2D1839FB7A39D90F141F490E21B2955C32DF9D690785CC4DEF97CDFCE21ACF9BBAA2C7
Malicious:	false
Preview:	............ .h...F... .... .........00.... ..%..V...@@.... .(B...:..(....... ..... .....@................................................................................................................................................u..L..n......................................................x..V..m......................................................{..X..n.........................................................\..q........................................................a..u........................................................d..x................................................S.......i..{................................................E.......q...................................................E.......o...................................................E.......q...................................................E.......u...................................................C........................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cache\index Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	520928
Entropy (8bit):	5.060857152499416E-4
Encrypted:	false
SSDEEP:	3:LsFlPlfml/l:LsF3mlt
MD5:	7A9569194B22F6562F88A2E0971B763F
SHA1:	F32678FDC906953A491DE92E4A3F876AC8777086
SHA-256:	0D375AEDBA5C99CCCDF2EB3092D20474BE7C9A853C4FD16C763A728494AC9FF4
SHA-512:	C92D28EADF6F07FBD0E33F48199FC3E45F51BF621B9D49C2822CCC00B466F0F5D7F7E591D2AC981589B7D74C4CB479AFF1FFCD2CB0A510298EA9DCF17E831895
Malicious:	false
Preview:	.........................................}.'` /.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\0196fca19dafc6a2_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	229
Entropy (8bit):	5.833208671120885
Encrypted:	false
SSDEEP:	6:mHdPYGLKKLiImEBHyrAfTDlQ7i8rRS9RW4slhK6t:4qIdH26TDoiKUY
MD5:	FDB088862B789F28F1A6B5578409DBB8
SHA1:	D85D7B51725B3F6FA33C578A904803C641363999
SHA-256:	1D9B662A167924E24CD7DCB12A4E5EB86E2CF1DCCB0E23CF01866B7B4B54B21A
SHA-512:	7F88E4DA6C84B20362972630B4BDACED3C93525EFBC02E4D7A710560A6A9B7A04BBF1AAE6FFA00F366C2E1BE3502ADD211117C1F682F1760FA64D924339AF5B6
Malicious:	false
Preview:	0\r..m......a....L<....._keyhttps://www.mywavehome.net/bundles/bootstrap?v=M4Nk6kIOwMFflsEKET0iPL9i5YBqbzMzvUOrd8gyCnw1 .j..(` /.........,%.@...........X..l.j..(..r\.....zI......".A..Eo.........!.........A..Eo..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\02d5aaa9791a8222_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	182
Entropy (8bit):	5.437973813178338
Encrypted:	false
SSDEEP:	3:m+lG/llLA8RzYP2mqULTIFMEJdHWFvUXlfmtW73W4j2A7zKoyg4mSlllpK5kt:mPllVYemv3azdHjQtWTtm4rWhK6t
MD5:	1B9A6DBBF6CA1B8703DAFBACF50B2DD2
SHA1:	AEE95DB7E222CC37514592E56E37C0D4511A1280
SHA-256:	04BA188C5C79BE591C5B0B70066DF064B0305C128054C96FD18FF480D179452D
SHA-512:	1D40C90110B8DFEC0FCC60565A4E75457D6132B9F4B875A99DE7F8CDE2D61C05866415B80D7314B0C8CB257759552FF05829B9E50A445F23045DD6FB8D0EEC48
Malicious:	false
Preview:	0\r..m......2.....T)...._keyhttps://code.getmdl.io/1.3.0/material.min.js ....(` /.........,%.@..............y...cv..9.......}..V.n....A..Eo......I...........A..Eo..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\092c4a51c05bcfd5_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	234
Entropy (8bit):	5.876079943959864
Encrypted:	false
SSDEEP:	6:mWYGLKKLiIbi1CYKcoqYtPNFgVTVT0AuE1bhzrvDK6t:GIbabKcoqsPgXT73lR
MD5:	1150C1E0350EE11E24DECBFAB6F17430
SHA1:	C15E440796FFCFEDC5A6B284384A5B6CF199D425
SHA-256:	F0A906CC22D6D87131A2D967849B2E336B9A71969EC5DEEE31DAF1228A3FEE1D
SHA-512:	4D24B3BE25340430EE9AABABA277A350465102C682D5A63D03E50A3395775D79DB7F0F1908D7B7C41B9F2B30719DCF527775E5A9D09CAC8178B05E885F36F28E
Malicious:	false
Preview:	0\r..m......f......e...._keyhttps://www.mywavehome.net/bundles/sidebar/mixins?v=bqq46_4UhrwCSNrw-9D_zKagl1-Hu-SB8M17Ij0ryX41 ...?(` /.........,%.@..........F...x*&..)c......}....z.Q.i4.A..Eo.......3.&.........A..Eo..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\3d799cc0fb94fad3_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	177
Entropy (8bit):	5.315801096277916
Encrypted:	false
SSDEEP:	3:m+lVwgv8RzYrSLW2bTywIgJSFvOFKlXllMnTDmnoRXJhm5mWIl1pK5kt:mKEYGLLB0i+YankXTm4BK6t
MD5:	87A7314480140A7D03E2834E2B53D7E2
SHA1:	5DD99CFFE328EEA4820557FFCA6850E5715EB274
SHA-256:	8E94F3B2FAA4BFC150CC09DC6914559C98AA5B72F188E4DFBA31A7BCFE59AA49
SHA-512:	A6625D2E2291BB80CA7E5DFABA21F7FF44678037A825C38824FCF8A074AA1CC8C376B2926FB90BB8A06162A19444AAC2BCFF5C9721A45331C9C82D1ECB376CCE
Malicious:	false
Preview:	0\r..m......-..........._keyhttps://www.17track.net/externalcall.js .^r/(` /.........,%.@..........]....V.X..B.D.Tx....{.o.}....x.A..Eo........N..........A..Eo..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\4fe07a6c9bd5d3de_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	172
Entropy (8bit):	5.315962120840482
Encrypted:	false
SSDEEP:	3:m+lekllll6v8RzYEmskfpTQAXTF+1lXl1vgtllUsZphtsdfSDL4mrKvpK5kt:me//6EYEmNXcjgUszhadfSDLrroK6t
MD5:	C8566DB8F8792AC7D128E124EA7A6FB8
SHA1:	A207D852FDC9C323276B44BAD11A7E7376B9BA59
SHA-256:	22AE3F90476C4E2A45E0CFF62C98264F60780DD9027FCBAC01A126E414225C15
SHA-512:	82D3605DA7DA3EA1F84AFC6161027C2952E012042D8F2CC22ECFC4227D5C021B8C145F8F93936C66F2D646533E7360421FB5C1AD7B7E7BBE31F2D0C8BF8B27C4
Malicious:	false
Preview:	0\r..m......(.....&...._keyhttps://cdn.jsdelivr.net/npm/vue@2 ..Z-(` /.........,%.@;.......q..w\|.U5.XS...~.[.s.[ v...y.:....A..Eo.........@.........A..Eo..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\7900a8dc0de985d4_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.669975581600453
Encrypted:	false
SSDEEP:	6:mKtYGLKKLiIbi1fHMWl9a6/tSXfjftZDK6t:/wIba/MWHaKtW1
MD5:	E25B1952C8B1A4C415C8413C0816A02D
SHA1:	AA5090B74BCA3B5949BF78213682DB22AB25B50F
SHA-256:	9D3F06E011C66407A121DE8185B28BB4C9D68052B6EE712A189515F35335A3B0
SHA-512:	D67FE74BEE454020C364BFACA04F4BEEEDF81E5B16FF30C68F3A230FD7DAC129EEE78B7DB6EBB1B1C4C43554401F5EE7897A3A1348363ABCFB6A0273931A8C53
Malicious:	false
Preview:	0\r..m......d...lW......_keyhttps://www.mywavehome.net/bundles/sidebar/main?v=7G7euylvm4cTRTF3SzjSApAeSoy77cU_JBwqR3wVYMs1 ./.?(` /.........,%.@2...........u.*.s..v..dk.Ed..\|\.@..u.(..A..Eo.......<...........A..Eo..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\83d2be98a5c4c45b_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	190
Entropy (8bit):	5.348101332105019
Encrypted:	false
SSDEEP:	3:m+lQe/xqv8RzYEmskfpEOIK7WFv4F+1lXlNvgGDj+o5ILHJ3S/yRmdotlpK5kt:mO/MEYEmIu9g7gG/+o58HJ3cndoZK6t
MD5:	EB5BC8E7DA38CC0EE813460CEDE9C427
SHA1:	F23EBF8F8A09C8593F86B73B287D96BE5440C51E
SHA-256:	37AD86682900F5BF7A8611B3368306D71EBB1E1070DDFF1EBBC3B0D73AB72097
SHA-512:	592D912ED113F973504A3C49414B405C192B8D561CDBE791C9549D0A9C12394CFF5CD4A1802B84B88A539B611B62561D141F9B683C3F7625B8F1DF26E287EDEC
Malicious:	false
Preview:	0\r..m......:...j......._keyhttps://cdn.jsdelivr.net/npm/axios/dist/axios.min.js ..-(` /.........,%.@C.........Z....y.DHxj.4.'...K"\|..',....A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\8d95d94a7c6ebc81_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	227
Entropy (8bit):	5.781379032186269
Encrypted:	false
SSDEEP:	6:mYEVYGLKKLFUNb8jVNESZ/sXM69iv7lZK6t:FEnU6b/h5T
MD5:	EBA8C79FA780005BA4A0274D72ED12D6
SHA1:	0E23DB5EFCB0BF6E16394EF39BD6794AD405A0EE
SHA-256:	36616CF51F4D0DAD0A607F6CFD84E708985F629826B4DF75A89E29617DA46A3C
SHA-512:	FF0E7B17F7E0A0D03A14928BDF58247DB2F94B55D9EE5592B66039A3EF86277913BE3E029F083518786132E15EF10425CA9A3708CFF02BDED51BE64015A465A0
Malicious:	false
Preview:	0\r..m......_...&..%...._keyhttps://www.mywavehome.net/Scripts/ntpwave?v=RkW54dTi0RCS4jyYPFmJkeyutkOTDkB0HShLfx1pqFo1 ....(` /.........,%.@...............}!...daN.]M..i.....?......A..Eo.......-.0.........A..Eo..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\9a4c9d8b4c57a8b6_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	194
Entropy (8bit):	5.370938577713965
Encrypted:	false
SSDEEP:	3:m+lKols8RzYEmskfpTQAqAmXD1AWIgvlXlzYgWHB8eCzxyRmQXStl/pK5kt:mwYEmNqJXJd/9gHaefACyhK6t
MD5:	9A03E0916FAD76A7018E93A9381647B7
SHA1:	76459BB46E02F5467B63A322A5FB878A4AD47940
SHA-256:	9EBB81CF97958F947B0BB3AE0ED2B0E1D96C69B3AFFBB3E6C82022CFA88D421D
SHA-512:	02673793DD6E20924F40981E0CA0BBFBA92104383081B31D07AA4022AD3F59DDBCDB2F7616FF412A78A2AF03C21356746CC8203EF1B65B58D7A1B528BC9B4EBC
Malicious:	false
Preview:	0\r..m......>.../......._keyhttps://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.js .N.-(` /.........,%.@........{t"4..a...:#..6:..Y#'...>.o......A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\cab60ece2af0b381_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	229
Entropy (8bit):	5.762992177171572
Encrypted:	false
SSDEEP:	6:mH+qVYGLKKLiIB2ClIqu0kM0VIlvDWfnCbENWct/UbK6t:+oIB2X4+Ilv0nxNWca
MD5:	2713A6DA26F19B8FEC9B8B82DC9C3EEB
SHA1:	95F5D18C614A5A253153359C5CEC1864321B903B
SHA-256:	2D874FD427D503436E87304E6A65553291DA231F460314E84DC0A5C94D341E0A
SHA-512:	B6A8474A42C0AD3E7BB006EC437CBFA508009A12FB7C6F7D5DF3C3430220D4D874706BCD9D3D86E0523E7820E1DC4244F7EEC4638498F480CCD72E676A91171F
Malicious:	false
Preview:	0\r..m......a.....c....._keyhttps://www.mywavehome.net/bundles/modernizr?v=inCVuEFe6J4Q07A0AcRsbJic_UE5MwpRMNGcOtk94TE1 ...*(` /.........,%.@)........l.i..j....@.X...ah..S..u..D.{n..A..Eo......jII..........A..Eo..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\d7195f8afea71c5f_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.860681811950048
Encrypted:	false
SSDEEP:	6:mcrWYGLKKLiI4KH45U31FF+UxXyktPvQ/m4kDK6t:5rI+UFFgcpo4
MD5:	E06541DD3FE6D714BC6BE43309C17A1E
SHA1:	0DCEB6AC54FE7C36005DCDEAC8D3E4799D47AC65
SHA-256:	D0364962F997555D9D1FD4F7FE4CC4D5B5EBC18B2B51C8925B18E8B8C0E96D39
SHA-512:	B101B74AECBD984A0DD6EE7C3536C31EB8B85BB0F1F6A0325916F851B6DB1D7DA2EAAC1DBBC979F9978F0460829BEADF9A7A7DF376B87C1B3C30944E7A96E37F
Malicious:	false
Preview:	0\r..m......^...@......._keyhttps://www.mywavehome.net/bundles/jquery?v=sR2Y3C1DfDKX_L5F4SIzzUDsGAArU4Yr1QRaIlz23bo1 .q.(` /.........,%.@\|.......j....=..&...>8........P..c...A..Eo......X.oa.........A..Eo..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\index Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ISO-8859 text, with no line terminators, with escape sequences
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\js\index-dir\temp-index Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	360
Entropy (8bit):	4.611898144605549
Encrypted:	false
SSDEEP:	6:bwX/Mn73pNlKVGw9wrpsK/ItW/QnFYJLlTrcEV/+:bukn73jIV3K2K/ItW/GKJLlTrnVm
MD5:	350A4BDB0334563F5C169C148568913A
SHA1:	E938DCF67A5B5380F36758C48CCEBCD75A265A1F
SHA-256:	E44D8D3EED32C48C2C411F67EB11BE213B8CF16663FF036539F05A7F25399015
SHA-512:	457DCAF702E2EA1708F9BC88C5E231E40CAE33B3A4B49C9EA23A561844FA3D9FAB6648D3CCCCE5830DE76C635AE54B9A558EDCF25F93927530030A01FAFA90EE
Malicious:	false
Preview:	(...$.XIoy retne..........................`'` /.0...a?nKoy retne.............................y.].` /...........WL..L....` /........."..y......-` /...............y=...` /.................9.)` /...........n\|J...9.)` /........._...._.....)` /............lz.O..9)` /...........[.QJ,....` /.........[.......9)` /...................)` /.........S.0*` /.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\wasm\index Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ISO-8859 text, with no line terminators, with escape sequences
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Code Cache\wasm\index-dir\temp-index Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9138909867280645
Encrypted:	false
SSDEEP:	3:DfRAyE2KFGF+:y937
MD5:	FCA1E1243D3AFE83C46DFD3440E22870
SHA1:	053134B0313881F5CE52E4679A64D17F79AA4BBF
SHA-256:	7AB3E1C05CDF22370720A7D1697DF2EE6C41DFE482AFCDCE2CC40362EFF0BA49
SHA-512:	5952F0BA7D854D136479E668816847E01476631AD06094708767D5BA3DA994E399D84F2A2B5734C166F30319ABBE0BDDC5434CB6E6E9F5739023A06C826AA6A1
Malicious:	false
Preview:	(...^..oy retne..........................`'` /.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cookies Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.7272278893066564
Encrypted:	false
SSDEEP:	48:TZWfSU1KPqfErLOpEO5J/Knvm7UavErLOpEO5J/Knvm7UqUFxvKp:9WfARHNwqHNwive
MD5:	EC04CAAEFC5CDE02DFCC345242721DD4
SHA1:	134A70255E1E7127C38AF2F1F74CAA089D44010E
SHA-256:	09A7900CA4D676AF75F895939C7CA78786BFAA53AB22C3F36FE3E532CFCC80A4
SHA-512:	E1A6228FD7CFBF0659FAD316980AACDDCF9C7D5ACCCDE50146DC5156EDEF9C71A8A281CFE93B64D6138F208FE64BB704ACED99D8BDAD004B0F91DE9AD20592E3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................G.......g..g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Cookies-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	17988
Entropy (8bit):	0.6815808071066144
Encrypted:	false
SSDEEP:	24:M+t/wqLiuWfKI6UwXXqLDErbXaFpEO5bNmISHnCWm06UwM8:MMIqZWfSUsXqfErLOpEO5J/Knvm7UP8
MD5:	17E9399BA81D082595FE4EFE78F15DB4
SHA1:	C912F6D3D0E9DA1B5D98663B42A221600D8BA118
SHA-256:	AA2A0230F179C5DFA24B8391AC89A1F98FFC4799CB0E98E6EC01BB543FEC54B8
SHA-512:	A0599F23DD52C9FB8298E7D804C879CC607575A811D30114CBDD282E7622D54C02C4D9D8CA518A66C8B8A254FAF273B581B4FC15F3242F8022E1C861F798E40C
Malicious:	false
Preview:	............hsn..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c..................A..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extension Rules\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	114
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCT
MD5:	891A884B9FA2BFF4519F5F56D2A25D62
SHA1:	B54A3C12EE78510CB269FB1D863047DD8F571DEA
SHA-256:	E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
SHA-512:	CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	137
Entropy (8bit):	5.190782394651357
Encrypted:	false
SSDEEP:	3:tUKDdIBXznL3AQLKqFkPt+kiE2J5yETAZuXb4E/9eaPrjWIV//Uv:mdzL39+q2Pwkn23yEBN8aPrqIFUv
MD5:	EBDE579FA9143183BF83571F3E3D9E45
SHA1:	4C0843B3D6B1B53007C74CFAA5996E3B644CB0C2
SHA-256:	452099CC812973FB92A4D7CD1C4D6DA7BA629E707251C3F491C3B49920400564
SHA-512:	BE8BFDBE4C04DDAB8100DFD39BD00866F89FE417EBA365BF72CB25688FB78C7786FFE57AE4B831A87951B058EE6A274CDC7AC502BBA0249B1B4A7731026ED5FA
Malicious:	false
Preview:	2021/05/08-06:21:56.086 1308 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extension Rules/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extension Rules\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extension State\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extension State\000003.log Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	6060
Entropy (8bit):	5.351994235494371
Encrypted:	false
SSDEEP:	48:lYfmEzIEqbzYfMhEEIYfBbmPGEqEVbDEVdYf0bnIEKBEMYEkYfhbCIELEJETYfO1:N50JOrYmINBqBI+YfUp9+hf3ec3E
MD5:	5796DF90927510197C678E83E10DD037
SHA1:	525DD4C64677A73F4F9A66A5EF389295C5FCB74B
SHA-256:	FBA7B4F78E9B7ADACB30BE2ED145D09B4DE7125888A997FE70DBD05A07A607FA
SHA-512:	7F679F9753E0228B72F1022CB43F1D77C5151FEB757F6EA1C085B6FA4DB941D472F7753DB20DAB73ADFF9E2FBC777792033570C7EF866761ED8E7B055192A055
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5..................m................'cplonachkpjlngkgbicfcmaelgeojmhe.alarmsp[{"granularity":"60000000","name":"imp_chr_ers_state","periodInMinutes":1.0,"scheduledTime":1.620447726238e+12}]..F..................F..................F..................F..................F..................F.................H................'cmedgpckncgempanpegahopilddagioh.alarmsn[{"granularity":"60000000","name":"checkLastPingTs","periodInMinutes":1.0,"scheduledTime":1.620447716792e+12}].=..................'cmedgpckncgempanpegahopilddagioh.alarmsn[{"granularity":"60000000","name":"checkLastPingTs","periodInMinutes":1.0,"scheduledTime":1.620447776792e+12}]lJ..................'hjbeoheoghofnhfmppfonmlmdanlmjoc.alarmso[{"granularity":"60000000

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extension State\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	136
Entropy (8bit):	5.2062656469306825
Encrypted:	false
SSDEEP:	3:tUKDdIBXtUcNcKKqFkPt+kiE2J5yETAZuXb4E/9et4wkvWIV//Uv:md9N4q2Pwkn23yEBN8NIFUv
MD5:	57187F91825C29ACAB55683709B4F18C
SHA1:	0D219A7E7D4578F16C4AD269C89ADAEDA2686E11
SHA-256:	76369A5F4B8E127A3D3576B14A4B045DA89FC168EC24A35699B9B4EC964E3736
SHA-512:	BE2CCE5FF23F960C8F6357CD135A94FAA30B1A4329BBF4637D67BA2D19650E64D12DC37AB7D7911D2F024A7910FE79F9C9C8DFD150EB9BF151ED7C4CB526E049
Malicious:	false
Preview:	2021/05/08-06:21:07.113 da4 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extension State/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Extension State\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Favicons Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000
Category:	dropped
Size (bytes):	34816
Entropy (8bit):	1.276134146131114
Encrypted:	false
SSDEEP:	48:/Bmw6fU1zBmINC2yo9X1Ht+URH6ahgvWjRedh8yY9pswt7Fmic6Eqr1sKMAMa6IC:/BCyLzX1HtrRBhyWjR/19SyEqrMFh0S
MD5:	3D46D9373F738BB76D8BDA4B39519CEC
SHA1:	B5D38597E1ADEAA65DBAD7301D33D64D7E870DE6
SHA-256:	3E5A7B399AB782442C707C5108CBE338EFBDB4897D90AC612201D6ABCD477551
SHA-512:	B85A3F8B2F105C45A68A6F046CD3115D9CDADFD97E552CB067D1CB5A568DAB3CCEE2CCDFDC244C083F08D032448788C4FBAAE50379D0D3EEB097CF7F253C51C7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................G..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Favicons-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	15440
Entropy (8bit):	0.06100246029850184
Encrypted:	false
SSDEEP:	6:Z+/l/l6L1+yL5/wL1aL5oCL3aLi/6L7oCwwKl4:Z+t/lNRYH/8q4
MD5:	614FF6B16F09646C219EFEA6AE5ADC79
SHA1:	B50C94FD1BE2C51C11F097BB5121CB850B4FC451
SHA-256:	318870FC43C4611E8E6075ED03CDEEF9E5C54F62D334E66FACBA5F5BD0BB75D7
SHA-512:	C07560F05BE31C6F7327A58BF45AB1274224E94B218765EC34417B754F155C8ED7E8FF363358ABF1CD3D131FDA3951AD0E07F42FA3602EB516F92DFD495D8026
Malicious:	false
Preview:	.............v.&.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c.................t...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\GCM Store\Encryption\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	141
Entropy (8bit):	5.253155721796727
Encrypted:	false
SSDEEP:	3:tUKDdIBXjy+NLKqFkPt+kiE2J5yETAZuXb4E//mT5g1IdjWIV//Uv:md+2+q2Pwkn23yEBNWT5g1IdqIFUv
MD5:	1614043689B307648963826504E9DFA8
SHA1:	A772C0915D135F942481AFF55424D2F338A8BF19
SHA-256:	18330A2F0136CA9D086C00BC2FED55F062151A9181D657CB20DB2E7E062A2A05
SHA-512:	1EC822F700D9262E4A74D4C35753A10378470255677BC655C853FF42CD16FC92399CD243C760191FD092673F4A3E339CD2AB646B037D17D2690FF8C24C7B2F39
Malicious:	false
Preview:	2021/05/08-06:21:44.770 4e8 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\GCM Store\Encryption/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\GCM Store\Encryption\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\GPUCache\data_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\GPUCache\data_1 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	8488
Entropy (8bit):	0.03529448480826166
Encrypted:	false
SSDEEP:	3:MsEllllkXl6Eflqbl:/M/66JB
MD5:	4D3A267A12D16A8D5DA7988E4A750688
SHA1:	2FB645F8B5DDC257B73A0493E78C0099482E4D79
SHA-256:	D826859D88DD5FEF1BED7DB8A2366D060D4C7120FD38B7E0AC59C5278CC6089A
SHA-512:	3986D29859B7D9C5CE53D2FAF39D4DD46F2859748C4630C2850F45290F2005A111C4747E491CF10C67FC22FF3DC4A971F8138113A4D4ECF957CCC17261CFED58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\GPUCache\data_2 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\GPUCache\data_3 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\GPUCache\index Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	258784
Entropy (8bit):	9.680375142747716E-4
Encrypted:	false
SSDEEP:	3:LsFl0l04CXl:LsFK04C1
MD5:	2AECAAE6661AB13DE3069B502C01C4F4
SHA1:	13E9DF90F8466890F17E2FE385044260FF91A543
SHA-256:	24DD372FD3F47CB1A0710185B997C6E40DB5631C161252384602E064EA311AD0
SHA-512:	08DB0335BAB80C50A868A96F898B37C7C299FEF0A71B4168EC76DDF4BB97D6D6B37C353CB591231167B3FB0AF0849DD553B7F1963C5361FF807ADABCDAAB0412
Malicious:	false
Preview:	..........................................`'` /.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\History Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000
Category:	dropped
Size (bytes):	118784
Entropy (8bit):	0.45076646613571847
Encrypted:	false
SSDEEP:	96:M/WU+bDoYysX0uhnydVjN9DLjGQLBE3u:M/l+bDo3irhnydVj3XBBE3u
MD5:	5F22E24DCF177F0133350F25D539884A
SHA1:	FF3AAE2E039780B82B471206BAA9DD7589043856
SHA-256:	EF37C2736E92336E5BA8AE60BCFBF857109B881BDC94BD50166EF1F342FF2697
SHA-512:	0386B225B017FD1276BA00364F2C7391026DF930548AE8CBDD761B9211FEB28040A8AF25F8ECF57EC8744D2E71646A1EBA93CB59CE86B781D3F3FD00A48E74C5
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................G.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\History-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	9244
Entropy (8bit):	0.22808577553231293
Encrypted:	false
SSDEEP:	3:VllPlFllxFEG2l/lploln3lljq7A/mhWJFuQ3yy7IOWUNol/dweytllrE9SFcTpF:Vll5+/l/lplqs75fOD4/d0Xi99pG/Wn
MD5:	F69EB4D4CAE38527A3ED7AEEAAE5E14F
SHA1:	92DBE945BE2E63288DE6BF9C82C05095BEFC2FB9
SHA-256:	EDCEC84BBF322880062D3C2C3D8D84C042238F9D25F7D196F65B96BD29B70FD7
SHA-512:	CC461E75EF91EDE804FC656013A70D28D0C5E1AA4A6D03CEDAED60FE134E80328D2A9A54DE6460E4BE8D47B3596CD1CB57613123F70BBB4EC65793CE2F72D8F6
Malicious:	false
Preview:	.............G.`.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\cmedgpckncgempanpegahopilddagioh\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\cmedgpckncgempanpegahopilddagioh\000003.log Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	236
Entropy (8bit):	5.361587340535294
Encrypted:	false
SSDEEP:	6:MtsGuD2UplK8E1bYxTIJ3yJwH+TexAcuyzUvnySnS5:bSkKfcyawzUyGI
MD5:	22E57BED9F7030EAFF69B382A2B9CAB3
SHA1:	F238E5E5CD85F256CB9543E5A18066FCB2628AF0
SHA-256:	02FD8770FBB42BECEFEE65E4065B1865D23EDF23AAA05CE6B200334A90965F2F
SHA-512:	DB4291713AACF39629A3255D1CE1D86E4190ED28F1402CE274375FEE87F18BCDCEBDA29E3130584DCC642E561669BD6CBE9DFD8CF12D4D1F95AFE49825801DA2
Malicious:	false
Preview:	...................trackingData..{"AdProvider":"appfocus1","Implementation":"wav","Source":"-lp0-bb6-brwsr-inst","UserClass":"20210508","UserId":"ff016ddb-5584-4b46-b38e-499f2baf1385"}BF.2+................lastPingTs.1.620447717765e+12

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\cmedgpckncgempanpegahopilddagioh\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.300524293377512
Encrypted:	false
SSDEEP:	3:tUKDdIBXzlpVXAQLKqFkPt+kiE2J5yETAZuXb4E/0age88x5zsOLhrICgWIV//Uv:mdL99+q2Pwkn23yEBN8age8Y53xICdIg
MD5:	3FF87432123B04EA390078C518F5191A
SHA1:	6E3DBDEBB2E90453F3110C8FFD1E58116D057505
SHA-256:	89000410F4F7C579BB811DE28C083D9F0A48C4A3E8806CC1640AE29A71D910BF
SHA-512:	0DD0736265EFADCC67ACEE734D8922EE7975BAE12332D3D86C806E5BE904B0181DEEFD0C316C6D282E96DEBDF093D328AD88198028D622CA0E5B841EDF89602F
Malicious:	false
Preview:	2021/05/08-06:21:56.772 1308 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\cmedgpckncgempanpegahopilddagioh/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\cplonachkpjlngkgbicfcmaelgeojmhe\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\cplonachkpjlngkgbicfcmaelgeojmhe\000003.log Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	65
Entropy (8bit):	4.485013185552494
Encrypted:	false
SSDEEP:	3:Ykflkst8meyX6zimQFch7Xn:YHst8m1X6zBTn
MD5:	FC8829B0B1A6C181F832E8CB90626977
SHA1:	4585203B17A388FFD99F7ADC4DD0C58A019D2C54
SHA-256:	1097C72B358AF0B53BEE5B97173B1A96BCB53C0C51A72EAAA6404444D4F341BE
SHA-512:	C715CD3EA322DF3D15B0F67C8C0CA7504B48E23C852FD10322FFBAE6C3446BDD269CB156591049001B045616446922BF50AA42BB631F2C75A96F048126D4FB0F
Malicious:	false
Preview:	.l.x:................last_imp_ts_chr_ers_state.1.620447727098e+12

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\cplonachkpjlngkgbicfcmaelgeojmhe\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.290911501724959
Encrypted:	false
SSDEEP:	3:tUKDdIBXP4hbJNAQLKqFkPt+kiE2J5yETAZuXb4E/0age88x5hql2JDUA5WIV//2:mdQ/N9+q2Pwkn23yEBN8age8Y5hGnIF2
MD5:	2E9083179D91E8929C21278AC439E4E8
SHA1:	FC3E4A203A59F928755C1D68F0BF924EB53B130F
SHA-256:	75AAAED174348C697A53CCFBD7639FA70026EBD3FD108297E2FFB7935ED1851C
SHA-512:	EA18B42BF85E00E3C344D998FA04CDD6AC48F0E9F4BD1D97A5844DC885F5659730D11D9E743A5F325DE144666C627FDE31EA0CDA6096B6D4D9460D6D26572999
Malicious:	false
Preview:	2021/05/08-06:22:07.062 1308 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\cplonachkpjlngkgbicfcmaelgeojmhe/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\cplonachkpjlngkgbicfcmaelgeojmhe\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\hjbeoheoghofnhfmppfonmlmdanlmjoc\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\hjbeoheoghofnhfmppfonmlmdanlmjoc\000003.log Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	4.6143290892484226
Encrypted:	false
SSDEEP:	3:+Xt9jyX6aOAX6KDSVj6X:et0X66qKu56X
MD5:	B0AC6FA280495E6679C7112A0C56B88E
SHA1:	B0E481B29866B657DBF6DAFB8A0C952F5CB8AC76
SHA-256:	4A4648963B980DEADC2978FCC5F445717B2D78564E6874720129C3B8C1C25392
SHA-512:	C3EC51ECF93573F265852E11ABB9D59E59819830FCA0D7D46AE188A94B05389F7989BF6219B5CDC2363F2912A10AD9641DA67C5F809247A659DB3FBC8EE2F09A
Malicious:	false
Preview:	;...9................last_imp_ts_chr_chker_on.1.620447787124e+12

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\hjbeoheoghofnhfmppfonmlmdanlmjoc\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	178
Entropy (8bit):	5.328823065923061
Encrypted:	false
SSDEEP:	3:tUKDdIBX4SWKKqFkPt+kiE2J5yETAZuXb4E/0age88x5hSKOmR1lkyZgWIV//Uv:mdaq2Pwkn23yEBN8age8Y5DOm7l5ZdIg
MD5:	4D42D7A8A0DD5F557D9210B9E309B1B5
SHA1:	5B6E513089E6C1A2E708B1FB4A4FED6BEA599F9C
SHA-256:	89016D180AB97CF6FB7849809BBC8BB8DB4F03518994DB8DC2014461D8594D0A
SHA-512:	C676A4A052345EA3C1A05718314489F0A1A9A613E2E3D7E1B02E6A11B38D7E6533BF4A2617CB9CB8CCEB5EBB436E87993CED2428E5D21048AC80F3791030805D
Malicious:	false
Preview:	2021/05/08-06:23:07.096 da4 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\hjbeoheoghofnhfmppfonmlmdanlmjoc/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Extension Settings\hjbeoheoghofnhfmppfonmlmdanlmjoc\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Storage\leveldb\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	268
Entropy (8bit):	5.343254453854723
Encrypted:	false
SSDEEP:	6:Jv458MWOLKKLc6OGLKKLc8YBo/pg0VOm7l5MHMA/VOm7l5khHAA:JQ5JW4MBo/pDVO8lYB/VO8lMgA
MD5:	0915E8C3B9976D7CF3A1CB07401DE26D
SHA1:	A2FDB3A614B406BB4D4E8B910619D1445CC32BAD
SHA-256:	3D8369CE9233E00994F219AB5683CCA1F9F3868F46204DA1DC83A09C807E9112
SHA-512:	C7694C835DFC81BB6033D06E396DB246F32877ABC1B4307B7E2A62A5FE804297AF92C2010EFD18651669804D4D364A901112904B53DAEF0569293AF9B48F5CF5
Malicious:	false
Preview:	..E.`................VERSION.1..META:https://www.mywavehome.net.&_https://www.mywavehome.net..modernizrM.b................8META:chrome-extension://hjbeoheoghofnhfmppfonmlmdanlmjoc.............G_chrome-extension://hjbeoheoghofnhfmppfonmlmdanlmjoc..dailySecWarnCount..0

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	142
Entropy (8bit):	5.195772734103597
Encrypted:	false
SSDEEP:	3:tUKDdIBX1Inj9AeKqFkPt+kiE2J5yETAZuXb4E/0a2RKUDQTAPHIrscWIV//Uv:mdGnj94q2Pwkn23yEBN8a2jMGIFUv
MD5:	A9F942F663BFA1ECD406D499F782EF5B
SHA1:	A62C9816FD23F509E9289668B91A66DE156369A0
SHA-256:	9EE501463BF9ACF33996F2185CCF75B14BF21A86075095B373AA9FEED6F10081
SHA-512:	460F2E1B51F4E3C0BB30BA2E29679366E3FDCCBC4D2A27482C54E464AE31313E53FA4A7BD9945A2FF880E7570F61A371E1A121919389A79BB746F730BA401C5E
Malicious:	false
Preview:	2021/05/08-06:20:58.675 5c0 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Storage\leveldb/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Local Storage\leveldb\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Login Data Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.7808672647023006
Encrypted:	false
SSDEEP:	48:2n3kaBA+IIYR0yJ7h/ICVEq8MX0D0HSFlNUGlGuGYFoNSs8LKvUf9KJ:qkie0xCn8MZyFlnlG4oNFeym
MD5:	8E81E50EC89AF6140D5AE3F4DB67931F
SHA1:	E06F8C376523071E923010BCFF3EE83A688FBCFC
SHA-256:	10EC73214A7C7CD8456FB5AADDE9BD5379EEFD0D4CDF4959119B85EEBA632D11
SHA-512:	72064337971F434032CA61E4AD2DB45C62F9785ECD5BE869F1194B9D75D7A13A2FFA1D10A4BAD196621121685F3B2A6D432C0B0EFCFC7C06278242A1FCA66B37
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................G.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Login Data For Account Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.7808672647023006
Encrypted:	false
SSDEEP:	48:2n3kaBA+IIYR0yJ7h/ICVEq8MX0D0HSFlNUGlGuGYFoNSs8LKvUf9KJ:qkie0xCn8MZyFlnlG4oNFeym
MD5:	8E81E50EC89AF6140D5AE3F4DB67931F
SHA1:	E06F8C376523071E923010BCFF3EE83A688FBCFC
SHA-256:	10EC73214A7C7CD8456FB5AADDE9BD5379EEFD0D4CDF4959119B85EEBA632D11
SHA-512:	72064337971F434032CA61E4AD2DB45C62F9785ECD5BE869F1194B9D75D7A13A2FFA1D10A4BAD196621121685F3B2A6D432C0B0EFCFC7C06278242A1FCA66B37
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................G.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Login Data For Account-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	524
Entropy (8bit):	0.27937671757176796
Encrypted:	false
SSDEEP:	3:ncdl1lTFEG2l/n:ncb+/l/n
MD5:	76F5299106ACC0DCEAC30A64FB3D73C6
SHA1:	AC65A9DA8ACBD7B757E28D20B49E102D1C282B38
SHA-256:	B30A88CE12C4CB660628D2F964701FFC4C8733F4D223EBFB7FBBA55B233B1551
SHA-512:	246C9FB20464F4BADA46B33B2D37A882C36EF05645F35CF57B852E5BBCF3472E92420D249C846CD45618795F52242BED1FF29B3F96C775A7313C340C08686164
Malicious:	false
Preview:	.............l...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c.....

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Login Data-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	524
Entropy (8bit):	0.27937671757176796
Encrypted:	false
SSDEEP:	3:i/xtFl1lTFEG2l/n:i/f+/l/n
MD5:	F8B701FE6838B877CF15635EC48EC5CA
SHA1:	1120DEAC8926958F7D5A86CFD2BB6BA9C895E57D
SHA-256:	3EA1734B60F420A6F1F109E75EBEA8CF3C48E3CDE5C0AE6710D84DE911656D7A
SHA-512:	6BA76956495A59993526DA674DCB47A2EC18A5A44AFCC033B298B99AB23B8BC75A2260F66D6C178BA5EC01E051E0AF809011867505973AA23FD1C2BC3657572B
Malicious:	false
Preview:	...............l.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c.....

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Media History Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5211193945623737
Encrypted:	false
SSDEEP:	192:zR3rOafM0aM0m+9MfkpWBv0r86B+4C+nOd:1BfM0n0H9iA+4C+nO
MD5:	6A395B44C3DBA3934CE966A667B82337
SHA1:	6BF4A9129828DB21374FC2CB35E303046E46727E
SHA-256:	FE603FCB34CF74F3EE9C9BAFE88942DA9C507A6B9EB8FA8EF824890C9DFE58F5
SHA-512:	83D9870241FDDF847949E2D592269C0765A309A4F9E041F3985E614356B2C094B0672EBACB1EAF98F238223EA4DD31C341B17FB79273C828B163753BA69A9C7A
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................G.......g..g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Media History-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	5152
Entropy (8bit):	0.5038426235702218
Encrypted:	false
SSDEEP:	6:Ylb+/l/lkYPg9bNFlEuWkll5qKZwkvAngLusiOImWtz0vlWmW8QeZaEyl+:YR+t/lkQqLiuWkll0KONFxOUwaE2+
MD5:	D92C4E69F9D7D9FF43641821B6FDC7C2
SHA1:	B97217F4679B88CB8B56E54507855E0AC8CAA996
SHA-256:	92623F643100E5B6E97DF1AD650F75A628C6A91CF406232A4BE2A7091F18F612
SHA-512:	62D4E3DEC9AEAC1D9D0053C709176F5D93A449894D38BA3A98C8A3CA7EA01BF1FF7DB45EB3F9773F1050F4C39AF1704C05A515F8D17228DB052450AD9FFCDA9C
Malicious:	false
Preview:	.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c.................\|.u.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Network Action Predictor Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	0.46628492112012754
Encrypted:	false
SSDEEP:	48:TKbWOT///2WOT/wp/qALihje9kqL42WOT/CF:ebWOKWOyqAuhjspnWOm
MD5:	FF631E01C083495779519E7D697E1A13
SHA1:	8B17E1485EF71CEB43C55E2775FC8146BFAAA3C4
SHA-256:	1C972E9FA7566E33EE3850ABD9DAEEF79CBFCF48625C4FE7DAA91BA232EA7179
SHA-512:	A2A3F0C1195D7D696620ABE8912EC8604E0AF261CD6EE37803AAAB8F80E7136F3724794F6AE50C133BCA560850D9DC6356FEB151B44A62F3C162CD20BBD97192
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................G.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Network Action Predictor-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	9780
Entropy (8bit):	0.6508640359381288
Encrypted:	false
SSDEEP:	24:3+t/CIqLi7bWOT/hLqLfWSmFfeFzfXVVlYWOT/O+:3MqIqKbWOT/hLq/2WOT/O+
MD5:	833CAA91395FF56632681A17D3D88628
SHA1:	449C97B7C59CEFF74FC205FEEA0124DAC94FA654
SHA-256:	314B2C128A9DA7EF7952469C7F5D653384F1D2D6CF1D91C7BFE0B3A0202162D9
SHA-512:	5A67A485C8BFFB5BD1E29713286C39173046785609964B947FE3B2BF2D10729C9280FCD8FA2AE5BA6241D69D4F1A09F5BB2418B25463ECE0D64A7C58E04C02FE
Malicious:	false
Preview:	..............A..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Platform Notifications\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	144
Entropy (8bit):	5.256770120318168
Encrypted:	false
SSDEEP:	3:tUKDdIBX1HLWRFESQLLKqFkPt+kiE2J5yETAZuXb4E/oYKX4rKCHaWrcWIV//Uv:mdFwFEjL+q2Pwkn23yEBNgXz4rRIFUv
MD5:	39B702A1C524AFBC8D60210C89DB89E0
SHA1:	6C252B66DE14C1E664B46F85C5D586C7647AC3FE
SHA-256:	9B27CD3075D60FB37C041879373013F61AB9DC70DC2137E6BFE328346C65591C
SHA-512:	CDC368B36B93652A49E889BA6FE14160AEF516D5C1DC2FB1C8ECF6D8998FF102A47402DA6F7177CC9BEEACA5A6DB937053A3B06712CF893DBB01D9164448FAA7
Malicious:	false
Preview:	2021/05/08-06:20:57.333 11c8 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Platform Notifications/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Platform Notifications\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Preferences Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	4359
Entropy (8bit):	5.241077427234173
Encrypted:	false
SSDEEP:	96:bS52nYv0JewjqhJ6H7EG7n9cppLeGArg1aYkl0vm+r:bSdv0MAb12pLhA81a35m
MD5:	5C52ECEA53F7CE1B405781B3B894CFDA
SHA1:	DF9707ADA3863BB6D67430D58E615358D01A3416
SHA-256:	BF853165F6D65D73D26D83A62383157EF751AFD02D6537CF81E2DF192D6344A8
SHA-512:	F87F2878442088F1AF4289ECB83A9A99B2BD71A8E74E66A5F5CC2C87A6D2DF53EE5CAF2EDD0B7DDDFDDACC6EF851E89D708C12528C5D71E0083FD41C2802D9E6
Malicious:	false
Preview:	{.. "browser": {.. "default_browser_setting_enabled": true,.. "show_home_button": true.. },.. "default_apps": "install",.. "default_search_provider_data": {.. "template_url_data": {.. "created_by_policy": false,.. "favicon_url": "http://www.yahoo.com/favicon.ico",.. "id": "26",.. "input_encodings": [ "UTF-8" ],.. "keyword": "WaveBrowser search",.. "prepopulate_id": 26,.. "safe_for_autoreplace": true,.. "search_terms_replacement_key": "",.. "short_name": "WaveBrowser",.. "suggestions_url": "https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}",.. "suggestions_url_post_params": "",.. "url": "https://api.wavebrowserbase.com/search/yhs",.. "usage_count": 0.. }.. },.. "first_run_tabs": [ "chrome://newtab/" ],.. "homepage": "",.. "homepage_is_newtabpage": true,.. "json_config": "{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Session Storage\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	modified
Size (bytes):	342
Entropy (8bit):	4.328770619953057
Encrypted:	false
SSDEEP:	6:S85aEFljlfvXlaIIa4uhvwLKKLtXyLesQTSlkTSlkTSlkTSlkTSlkT:S+a8ljlX9IaWyLYTSlkTSlkTSlkTSlkT
MD5:	F9CDD81C0EC938BF36EA307C78EE8AEB
SHA1:	DAB75AB9DF178B0678196DEBE5EEE96055A08DCA
SHA-256:	C224B1E7482DB1F9F93C4AB16D427910176D147B624565192DFBC8A76A28B10D
SHA-512:	14C7417530A9BBB7799F4ADDCED0073AB3F3E372FF082A15757E1FEAF09D7844C89990F80ABB93C2BBA4C85E49CEF79061D44703850439CFA6680AE29A7451BB
Malicious:	false
Preview:	...#................version.1..namespace-..&f.................&f................2..i................next-map-id.1.Jnamespace-c54ff860_c1a0_4177_90a5_dd2a5d9b3ca2-https://www.mywavehome.net/.0.L..................map-0-modernizr2B.l...............2B.l...............2B.l...............2B.l...............2B.l...............2B.l...............

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Session Storage\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	137
Entropy (8bit):	5.16667192758581
Encrypted:	false
SSDEEP:	3:tUKDdIBXgFUTGBKqFkPt+kiE2J5yETAZuXb4E/rnKLQFDQWIV//Uv:mdwuTGAq2Pwkn23yEBNrQMxIFUv
MD5:	48863BB13EC6686D0AF658753FA90DEA
SHA1:	C785A70605F51BE0DBC39B37A25FB7D457E49715
SHA-256:	7B77DC6A5F81A0C23BF82713C4B8CA66BD2075A29CD486524EB1746B3E71A963
SHA-512:	3DD80B3C731E374C0A6E45D9C229F777EC286B8059C3A8DFAC2673EC358FD927D20C159D9404E5A3886BFB0BA2B56F7C652E0CBAAE5D96F4B597FB9C0AF75996
Malicious:	false
Preview:	2021/05/08-06:21:04.365 16c0 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Session Storage/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Session Storage\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Sessions\Session_13264921254291484 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	2411
Entropy (8bit):	3.5534651803495563
Encrypted:	false
SSDEEP:	24:34SFS4lrlJ/V6/1EMtGaScAfCg9YZ1at/1EMtGaScuLqDfCD:34GSoxaaSGaSlCg9MiaSGaSXq7CD
MD5:	BD497878A1B4FF1017C5B5B0E36FBB35
SHA1:	49E2844DF6162DE53617063DEB7967DAE881D1E1
SHA-256:	55A0B35B6952AA936A0ACADCF2AC3B6322CD1AE4A824F5CB1D31337167699C9E
SHA-512:	35DE4C614F05D40484D050F0E02C132F15D0C19EE58C29E8A47523D4F247E810740045DADE16EA62875A757418F3784D15556E2DD00A0E086FF340AC4595DBF9
Malicious:	false
Preview:	SNSS....................................................!.............................................1..,.......$...c54ff860_c1a0_4177_90a5_dd2a5d9b3ca2........................Q.................................................................................5..0.......&...{730C75E3-B87A-4292-818B-DC8F984D08AE}.............e..`...............chrome://newtab/....d...`.......X...................................h.......`.......................................................................................................................h.t.t.p.s.:././.w.w.w...m.y.w.a.v.e.h.o.m.e...n.e.t./.?.u.=.f.f.0.1.6.d.d.b.-.5.5.8.4.-.4.b.4.6.-.b.3.8.e.-.4.9.9.f.2.b.a.f.1.3.8.5.&.i.=.w.a.v.&.s.u.b.=.2.0.2.1.0.5.0.8.&.m.v.=.t.r.u.e.&.s.r.c.=.-.l.p.0.-.b.b.6.-.b.r.w.s.r.-.i.n.s.t.&.s.t.=.t.r.u.e.&.k.e.y.w.o.r.d.=.&.t.i.d.=...................................8.......0.......8....................................................................... ...........................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Sessions\Tabs_13264921263864863 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Preview:	SNSS....

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Shortcuts Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44173341476246347
Encrypted:	false
SSDEEP:	12:TLiN7cUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLiVVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	D3C69803E94E712CE3A67559B1A87275
SHA1:	24CBACB1F52DA55154FC83E2B57AED82B1A94CFC
SHA-256:	EE3CEDAB1D880CB089A8235440A4CF550A0AE04CEB5EC533B429CAE240203B6D
SHA-512:	B62AD9F17D84395D26F368C573956218B275C2F2E021C9E502188C696BFB0B6F1DDE8A9537250E59F3BFC303E369A9798A3174475869D72B53CE82C41A03C644
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................G..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Shortcuts-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	524
Entropy (8bit):	0.27937671757176796
Encrypted:	false
SSDEEP:	3:R1gFlFllxFEG2l/n:TgL+/l/n
MD5:	92439FE6D8DDF12348D3DAAF2EE93113
SHA1:	88CCF8BD1DEA6866F35221FEFFDEE4EEE89E0C23
SHA-256:	82F4E7ED088B853F292B5F53ED85EB5F20B151798B6784752F63755DEE947811
SHA-512:	8273135186C3ADF32D6E35247AC574E5FFF9A1B6C51406E4E498CD4F603BD67B9B2B60709F2A60B8853778555979BC5248E743B2C3E4C1B76E084DBEC90AD1DC
Malicious:	false
Preview:	............Y..E.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c.....

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Site Characteristics Database\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Site Characteristics Database\000003.log Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	3.473726825238924
Encrypted:	false
SSDEEP:	3:41tt0diERGn:et084G
MD5:	148079685E25097536785F4536AF014B
SHA1:	C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
SHA-256:	F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
SHA-512:	C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
Malicious:	false
Preview:	.On.!................database_metadata.1

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	151
Entropy (8bit):	5.20083025120614
Encrypted:	false
SSDEEP:	3:tUKDdIBX1E+WuGNAQ/KqFkPt+kiE2J5yETAZuXb4E/rVcWUGJW2gR2oEWIV//Uv:mdK+XE4q2Pwkn23yEBN7Uh2ghZIFUv
MD5:	3A1C7B216B099DC05E1FDF46A0389411
SHA1:	142CB07AED71FF2F2A673CDEF120730AE9A70D90
SHA-256:	1AAD1E07D074812892171D33620D1C15348B95324E98366EB9DCC7AED57CC77C
SHA-512:	45FB348690DF2D33AF8958B2C875E305D0286609400949202940F2DEE411F55C4279FDAF4DB2184663966B344C05D9FE351AC51745F46975B4E257F4D8BDC19F
Malicious:	false
Preview:	2021/05/08-06:20:54.383 17d0 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Site Characteristics Database/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Site Characteristics Database\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Sync Data\LevelDB\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Sync Data\LevelDB\000003.log Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	84
Entropy (8bit):	3.580460993539107
Encrypted:	false
SSDEEP:	3:sLollttz6sjlGXU2tk0lkGg:qolXtWswXU2tkE
MD5:	4F33C001792C495C4CF6B7D4AF2EF9F3
SHA1:	6EBC84FD54EA99A470B2C58EEAF684C3517AEF23
SHA-256:	E240FC7E67D612806DC2A25EC291D18463EAAD089460BEF183A2BA1AFA9CA76F
SHA-512:	2E326DD0BE72C97441201EC6E4A5A49C607E91C2311753C78E2767F7646AF7FF8608764D1C8176A5613477C2CFCB6606CE0C65637644600FFFBD95F3A2E47045
Malicious:	false
Preview:	...n'................_mts_schema_descriptor.....F..................F................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Sync Data\LevelDB\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	139
Entropy (8bit):	5.22696034256134
Encrypted:	false
SSDEEP:	3:tUKDdIBX1E+XFdXAQLLKqFkPt+kiE2J5yETAZuXb4E/rppwvWIV//Uv:mdK+XFdQQL+q2Pwkn23yEBNpIFUv
MD5:	E10C12E43D7D657BD1B2AD4727B04AAA
SHA1:	385052815A9653D6BAD94BA9A51D83DF2F7564BE
SHA-256:	9812C068AB4898B784ABC34432AE05409D356E63840B62762509733FCC24B0FC
SHA-512:	920EF51FA4C1CE1D60A6043ACB643E0058CD755A68C0A26024C52199ED1656451AB9B34B5E3031C9FF5B4B5FE1B27839115BB52504B71D30A8ED66A647CAAEDA
Malicious:	false
Preview:	2021/05/08-06:20:54.382 16c8 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Sync Data\LevelDB\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Top Sites Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	0.3822452175760347
Encrypted:	false
SSDEEP:	24:TLiqym8I6Uwcc25fBzLVym8I6Uw62onLiqym8I6Uwcc25fBzLVym8I6Uw/2hnLlH:TSU1cmBziULSU1cmBziUHFyU
MD5:	5229D74A7FA56AC4A2B63B2E76863E00
SHA1:	C2BAAC5BD0F96D0DF1D0AE3CF145D906BC3BBE72
SHA-256:	68597336F8EEC0BF8FC798949AE57087EDE56FD67FC152231460ED719BF5CEE7
SHA-512:	F2BAF5BC4306EDEC9718E388D8851EC74053B781C8FEB29F4E90508F8F79C3B089A2D59E50DF69FCA7423C53141316331C4DB0F80C38BA9174B469A4F22B792F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................G..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Top Sites-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	39556
Entropy (8bit):	0.42982638408052865
Encrypted:	false
SSDEEP:	24:zz+t/rJqLiqym8I6Uww5+t/PqLiqym8I6Uwp++FaMhjqLVym8I6Uwe8:zzMTJqSU75M3qSUE++ZxqiUl8
MD5:	19A725AD153CB5C21CCB16EE41E3FCBC
SHA1:	CDBAD18BCAB1D7CBA26A41B631D8E36366C06C5F
SHA-256:	111B48271050E512A1645F25B4B74951DBFC2458625E4D09F68F0499F7FA1724
SHA-512:	FB1E4AEAA67D02FE6E093D55355D35538082E874BC47EEAE9E0DF464C5AA189A98D2012D3E8D040733C771469E38D0A825DC45BB9A0E5568AE0B677D8E05FC3B
Malicious:	false
Preview:	.............."..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c..................?h.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Visited Links Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.002110589502647469
Encrypted:	false
SSDEEP:	3:ImtVYn5ltl:IiV
MD5:	5EB0CF8F3A833A57F70EB0576B9A37CF
SHA1:	283982944FBDF16B19354F36325BA77E501A0CE2
SHA-256:	1614CC35627C5773163D287658BFBA6007E4505CF545BAC19EDD363329E8F5D5
SHA-512:	317B550CA735CB18CB6F6AFCD322A450A96B2A7E13A7DCBDD205108071586794A827952EBE73A33E2CCFEE7470D3D4185F387FFB34C17895FB0D68248DC5D299
Malicious:	false
Preview:	VLnk.....?......'...D^..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Web Data Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	dBase III DBT, version number 0, next free block index 13
Category:	dropped
Size (bytes):	100352
Entropy (8bit):	1.3172168935684267
Encrypted:	false
SSDEEP:	192:8TpUmZdbLH9DTJMbMBfhnnTQ0JkDe6yCVumeys56o:Kamfbz9/hnTAS/CVumCb
MD5:	B945D634A120AB6F11047281FC764870
SHA1:	83BBCB1C35E6DA0775AAA9977CC0D0700CFD49AC
SHA-256:	769BED998DEBCBFADC96177E58B972F52044ED0A09591B53686805E9BAD7CD12
SHA-512:	CF199CA793EBF9DE239C0BA5B5E949ABA9A27B6B1FEBF2E2B830C3DD9EDD09941B8096E18DEAD9279D7189D7CC5C34C345FBD5BD37FFA965CEFEB5D3D1D82507
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\Web Data-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	12900
Entropy (8bit):	1.504701925581731
Encrypted:	false
SSDEEP:	48:2MFBMPK9pxnmUxEHPg/XUYMddq+4LWSNlzgaMXBVwWOquu3Br3TLeOEErjQ10wYQ:2EF9fn8UQ3CWo3qQ
MD5:	990BF91DFD12461EA88A47E204F3B20D
SHA1:	B60CDA22AF32B46F166DDD0A489BFB9939211DD1
SHA-256:	191654C4DAAC38CF8E46EFC3E7A8CC7ED31EBBD0BDB474F62C502C5E1D8A3DE3
SHA-512:	FE1C50DEB83B22466552DA4254EBFB46017C038EBF345D15C3F0565DA20100A129CE35B45FC04C830E2F416F84C83765ACE322F4F921C6BE5B4D5AE97D3A63E1
Malicious:	false
Preview:	............y.f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c..................."............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\b1f84eb9-6d58-4672-b45e-8bc6001c4cd7.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2410
Entropy (8bit):	4.864696984030316
Encrypted:	false
SSDEEP:	48:YXscRS6bsU6q4sUtwgmJsctSsqMHPWwKsw7s9kqLsq6N0sK+zMN2YhbZ:006RxUODJtkGuTcjD6N++zMNrh1
MD5:	33FBEE9B33C8576D3CDAFDA73970C173
SHA1:	6C489701B83B8EEFBD17EB4BC46038876BA919D5
SHA-256:	F232F3C3E1F2803C9E9FFF208A126235DA0E0636D1D4D7F51D980120C2B071B5
SHA-512:	23430589C5FD1F62E263012BFACE0A9F4754969593CE9D53F8E42677EE551DFE2ED221804A18CD9F7E11156F092D7A80C9E969D03D4B75A350212BA9E2E9BFE0
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13267513259720565","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"isolation":[],"server":"https://cdn.jsdelivr.net","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267513268428278","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://fonts.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://www.17track.net","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267513274463566","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://code.getmdl.io","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267513284673696","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https:

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\ba007f91-b4e0-467e-ba1f-519bb8ca4cfc.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	16055
Entropy (8bit):	5.59672731995181
Encrypted:	false
SSDEEP:	384:yVDM+nWIpPK1U6H1waQ8Llx+l5nn6pFIOIjuo:spZS1RH1Y8LlEspGtuo
MD5:	FFDA910A89FE7CB6A8EC6BB9739CC2BB
SHA1:	E53B2B0C2EE317076A3D66F0E8963071EA6D3B61
SHA-256:	6771F4BC60CFA735A10634FD443DED3D5DC7A5983E11ED97FFC44086F4AB242D
SHA-512:	5548AD435378F247ED4FE6EABC6E174A699DBDBEE1A9B46A607E077290A7457E0A2413B7EA5BC7D22DCA46377270ACA2700EF0DA32B0C77CB2421BB70E8A6191
Malicious:	false
Preview:	{"browser":{"show_home_button":true},"default_search_provider_data":{"template_url_data":{"alternate_urls":[],"contextual_search_url":"","created_by_policy":false,"created_from_play_api":false,"date_created":"13264921254314996","doodle_url":"","favicon_url":"http://www.yahoo.com/favicon.ico","id":"3","image_url":"","image_url_post_params":"","input_encodings":["UTF-8"],"keyword":"wavebrowser search","last_modified":"13264921254314996","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","prepopulate_id":26,"safe_for_autoreplace":true,"search_url_post_params":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_url_post_params":"","synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e","url":"https://search.yahoo.com/search?p={searchTerms}","usage_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\bbc264f9-a68b-4a96-a5c0-6403c0bb565d.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9930
Entropy (8bit):	5.617755941891617
Encrypted:	false
SSDEEP:	192:yVFowMye2N4QKSrxhwlSKCk6pFIOAn3go0iu8p:yV3MyLlx+lSW6pFIOIju8p
MD5:	CEC0756FCE0FEF7E6114630CD47C6481
SHA1:	6461A637CCDA2A2839B386338608B7073E6273FE
SHA-256:	4853B659DAEB2651D9D13A3A01B9D54CFA55C504CCAC87AFEBED7F7E3E9DAFCA
SHA-512:	3873F9C23990A39EE8B13E97E25258E1EEC4DCD9D666C59CA9BB793968E7EAAFA4F0A73203D3879BFFC7205C9F1881794B068FD70D91755B7360202F4AA07514
Malicious:	false
Preview:	{"browser":{"show_home_button":true},"default_search_provider_data":{"template_url_data":{"alternate_urls":[],"contextual_search_url":"","created_by_policy":false,"created_from_play_api":false,"date_created":"13264921254314996","doodle_url":"","favicon_url":"http://www.yahoo.com/favicon.ico","id":"3","image_url":"","image_url_post_params":"","input_encodings":["UTF-8"],"keyword":"wavebrowser search","last_modified":"13264921254314996","last_visited":"0","logo_url":"","new_tab_url":"","originating_url":"","prepopulate_id":26,"safe_for_autoreplace":true,"search_url_post_params":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_url_post_params":"","synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e","url":"https://search.yahoo.com/yhs/search?hspart=pty&hsimp=yhs-browser_wavebrowser&param1=20210508&param2=ff016ddb-5584-4b46-b38e-499f2baf1385&param3=wav~US~appfocus1~&type=-brwsr-&param4=-lp0-bb6-brwsr~Chrome

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\c1a9d94f-0252-43bd-aded-f7df0ec38a1b.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\c475d4b8-91ad-4f5e-a380-f08ee2ee5d44.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2441
Entropy (8bit):	4.8680086475626965
Encrypted:	false
SSDEEP:	48:YXscRS6bsU6q4sUtwgmJsctSsqMHPWwKsw7s9kqLsq6N0st8MHEMN2YhbZ:006RxUODJtkGuTcjD6N58GEMNrh1
MD5:	D1A60DFDBF775D6C8FF7AEA276994264
SHA1:	3A734050F64EE6C30EA07D4C147CF2E155FA4FA4
SHA-256:	BD4C16F48DC5D39F2E1C65644E4493480BECE3D43E2AE9CA07C7E07825272B74
SHA-512:	2CD3A409014C430101C2A69E4DD229ABD1A0A7116EBF7DB508FC254A08F9A1EBFB4D77A69DA594BCC7C4C36835B951342E9B8FB42AAAAEB251B7E1FE8F1C10D2
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13267513259720565","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"isolation":[],"server":"https://cdn.jsdelivr.net","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267513268428278","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://fonts.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://www.17track.net","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267513274463566","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://code.getmdl.io","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267513284673696","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https:

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\c771237b-c32d-4d9f-ada7-2758c075ceb0.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	872
Entropy (8bit):	5.553500574429244
Encrypted:	false
SSDEEP:	24:YGJ6H0UQSRUhL8lKkG1KUXpG3kU8H7wUiQ:Y26UUQSRUClKDKUXp9UuwUP
MD5:	2310B93D0D6339CA098F985F1DC078D9
SHA1:	EBE1D770C7677400127F79CDB756DEC4D32566C6
SHA-256:	4E5A494C58F23B45445719032EE92FABF9457EC3D675CA490D24165962C86633
SHA-512:	38D73389575C97F597793E0E8240DE7CD38D1109C07E63694C6685A5215E4D1A6D72EA907693B653D1143C42051BEE65E675153FB5E3A64E3253FC762159C7B8
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1651983674.222233,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447674.222238},{"expiry":1631334077.909012,"host":"g4wpCezBK3v/g9MqbDyLhx+g7L+c6QLT0ty6exvYBEQ=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447677.909019},{"expiry":1651983668.46364,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620447668.463645},{"expiry":1651983668.439208,"host":"qaDeFdT1UTirY0OQe+c5LKw+zjx6vF/+3vFh7CgrAOY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447668.439212},{"expiry":1651983659.720719,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620447659.720728}],"version":2}

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\c7efa70b-aa7c-4822-a91d-133fc4170196.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6762
Entropy (8bit):	5.368118785304614
Encrypted:	false
SSDEEP:	96:ncmUk18VpuhJ6HOHcwR0MoiVmd2dffhVSjpsA5IOrMn3YPo0MG6+ykVuAiDw8:ncmF18rYAuHv0MT6pFIOAn3go0ip
MD5:	144FCDE16AB19D7894921C883C0DCBA8
SHA1:	FF449FD51602BF0E8DCF4792B0DEBE9C90EC56A8
SHA-256:	EB7C43AE14B038EE8F7316165040907BF88AE587FD273458CA9DEECEC4865B05
SHA-512:	0D192AB2B798884EB01F81B6955DB369CFA266F68AA84614844EEA1F9A882B20DC33C6E7AE7F7FF1A7DD9F9D76234E4C11E304410291C1459E244BAB7F26B08D
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13264921254888192","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13264921254553502","autocomplete":{"retention_policy_last_version":1},"autofill":{"last_version_validated":1,"orphan_rows_removed":true},"blocked_cws_extension_count":0,"bookmark_bar":{"show_on_all_tabs":false},"browser":{"default_browser_setting_enabled":true,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinne

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\ca941b1a-c7eb-4c5f-a84b-ffd71ef33f6a.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2441
Entropy (8bit):	4.867082373132682
Encrypted:	false
SSDEEP:	48:YXscRS6bsU6q4sUtwgmJsctSsqMHPWwKsw7s9kqLsq6NFN9st8MHGyYhbZ:006RxUODJtkGuTcjD6NFN+8GGXh1
MD5:	0F36C3B2F69558282A5976E293C8E821
SHA1:	889962CC149E859F59479D42F12F2F3EF56ACB5D
SHA-256:	5F09964D0B2F5AA1BD35364814FC307DBB5827399695348FE353BC6A68A30DCC
SHA-512:	C040F85CB7E6A0058E7C9EE1FC8BD11F340EC56F1AD7377FB912C471C22A7D7B1A92221AE064E4B91D8FC64C0104075A156E3CCD9094D38A5094561476EFB18F
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13267513259720565","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"isolation":[],"server":"https://cdn.jsdelivr.net","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267513268428278","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://fonts.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://www.17track.net","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267513274463566","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://code.getmdl.io","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267513284673696","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https:

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\cff827ce-2f59-4841-8319-37f9751befef.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	872
Entropy (8bit):	5.552465338465158
Encrypted:	false
SSDEEP:	24:YG36H0UtrSRUhL8lKkG1KUXpG3kU8H7wUiQ:Yo6UUNSRUClKDKUXp9UuwUP
MD5:	D5515AAABD3841E1188AA85648D43B75
SHA1:	CC152E96714246D08F67CAD0C510B35CE974F04D
SHA-256:	0C679721F14F88260BE8B32579123B196C2FDFCEAADBEA695538953F00C9D62B
SHA-512:	A4C47450807267FB13751994C8BCDC16DF7AFD17DC07C582EB46480EEAAE05DF82042B7825B86389C4DB6E759076A9AA0DC2C585274804083A54A1BE8D2C4D3A
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1651983684.446517,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447684.446522},{"expiry":1631334077.909012,"host":"g4wpCezBK3v/g9MqbDyLhx+g7L+c6QLT0ty6exvYBEQ=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447677.909019},{"expiry":1651983668.46364,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620447668.463645},{"expiry":1651983668.439208,"host":"qaDeFdT1UTirY0OQe+c5LKw+zjx6vF/+3vFh7CgrAOY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447668.439212},{"expiry":1651983659.720719,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620447659.720728}],"version":2}

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\d5ece994-9582-4e97-967c-c3fff767afce.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	869
Entropy (8bit):	5.553235617247991
Encrypted:	false
SSDEEP:	24:YGM6H0UPGDtSRUTx8lKkG1KUXpG3kU8H7wUiQ:Y76UUPgtSRUalKDKUXp9UuwUP
MD5:	C6C7446CF6721E64B1A679B56683EB2C
SHA1:	18E86D76917EF642F69B79E40053CD8B654EC657
SHA-256:	85DD377D41D8613F33753EAD0A9887E40F3968862C1C3D9C28070C0D00CFDBC3
SHA-512:	AECC6E8FFF530148A61D3C60298B3D19FEE651DCE4E9E38C9799270DFFF98929DAF7F6249E402D66321B0FE52C5D253BCCDD71D538571D1A9118AA5F911473DE
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1651983670.649895,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447670.6499},{"expiry":1631334068.53893,"host":"g4wpCezBK3v/g9MqbDyLhx+g7L+c6QLT0ty6exvYBEQ=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447668.538936},{"expiry":1651983668.46364,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620447668.463645},{"expiry":1651983668.439208,"host":"qaDeFdT1UTirY0OQe+c5LKw+zjx6vF/+3vFh7CgrAOY=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1620447668.439212},{"expiry":1651983659.720719,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620447659.720728}],"version":2}

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\d7531daf-b1fd-4c1e-b60f-0c5587af00a5.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6682
Entropy (8bit):	5.369060733230986
Encrypted:	false
SSDEEP:	96:n05VdPrmXmABuhJ6HOHXwR0MoiVmdydffhVSjpsA5IOrMn3YPo0MG6+ykVuziz:n05TPr74YAuH80MX6pFIOAn3go0iM
MD5:	2481B840E36F54AA834BB279DBE39CFC
SHA1:	4937B4CDBA36E36B6FDA0B13C908DADE3EF03A0C
SHA-256:	F4C1CF293D8D17E763A90FBFB1C0A8467A891DB28D648180C73577625F676BBE
SHA-512:	77B086EBA2CACD6D792D484ABB366ED4F4AF107D3672B644FD99B4BA0DB7D847BDE9EDFEB0B880208EF8F2E71D70E30D2C40F2CE4B2612C500EAE2FF386C17C8
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13264921254888192","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13264921254553502","autofill":{"last_version_validated":1,"orphan_rows_removed":true},"browser":{"default_browser_setting_enabled":true,"show_home_button":true},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"default_search_provider_data":{"template_url_data":{"created_by_policy":false,"favicon_url":"http://www.yahoo.com/favicon.ico","id":"26","input_encodings":["UTF-8"],"keyword":"WaveBrowser search","prepopulate_id":26,"safe_for_autoreplace":true,"search_terms_replacement_key":"","short_name":"WaveBrowser","suggestions_url":"https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}","suggestions_url_post_params":"","url":"https://api

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\da542326-4d9c-41ce-96ab-504b577dc5db.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6711
Entropy (8bit):	5.371218397707622
Encrypted:	false
SSDEEP:	96:n0mUk18VpuhJ6HOHcwR0MoiVmd2dffhVSjpsA5IOrMn3YPo0MG6+ykVuAiDw8:n0mF18rYAuHv0MT6pFIOAn3go0ip
MD5:	6D7851FB84164E462B24084BDB10128A
SHA1:	CE15E3A56F0E2F0F62FEBF2A3231B7039E156433
SHA-256:	C67747D595C6C05B8CFFCEBD6782E947445283D876264F5BCE4BE4A59F1BBA68
SHA-512:	9960EDCDDDC6DCA26EE25B7A9902427B0E49BEC0AED947D0C749D1791CFEF8AA4379716BC7DFE808161F892FD48400609FB45DE4E75923EA96647F6CE6AB6E75
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13264921254888192","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13264921254553502","autofill":{"last_version_validated":1,"orphan_rows_removed":true},"blocked_cws_extension_count":0,"bookmark_bar":{"show_on_all_tabs":false},"browser":{"default_browser_setting_enabled":true,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2679},"default_apps":"install","default_apps_install_state":3,"default_search_provider":{"synced_guid":"3f0e6415-9c49-4f9c-a834-266da997eb2e"},"dseurl_time":"13264921264308933","extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"88.0.4324.41","pinned_extension_migration":true,"pinned_extensions":[]},"first_run_tabs":["chrome://newta

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\data_reduction_proxy_leveldb\000002.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Xv:1qIF/
MD5:	206702161F94C5CD39FADD03F4014D98
SHA1:	BD8BFC144FB5326D21BD1531523D9FB50E1B600A
SHA-256:	1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
SHA-512:	0AF09F26941B11991C750D1A2B525C39A8970900E98CBA96FD1B55DBF93FEE79E18B8AAB258F48B4F7BDA40D059629BC7770D84371235CDB1352A4F17F80E145
Malicious:	false
Preview:	MANIFEST-000002.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\data_reduction_proxy_leveldb\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	45
Entropy (8bit):	4.2035382418621845
Encrypted:	false
SSDEEP:	3:tUKDdIBXxVUFRMWFv:mdBVUog
MD5:	75059734CD74949E2B622499A8A1A18B
SHA1:	B1D1CC473739F6B66355E35B28BA33C656CF475A
SHA-256:	FFE07B23D132F8C82350F9D5C31EEA5C14990BB2D44721EE784D03366468B214
SHA-512:	1B91C5ABAFB84D67EB59CEF830F73D28B9E26E155ED1A315516AC887D963EA09F0E9A8AF478DC6F60F1B5C089899AB90AA134F92B1965F68DBFAF3E2E2B2221D
Malicious:	false
Preview:	2021/05/08-06:21:43.601 4e8 Delete type=3 #1.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	MPEG-4 LOAS
Category:	dropped
Size (bytes):	50
Entropy (8bit):	4.948758439731456
Encrypted:	false
SSDEEP:	3:Ukk/vxQRDKIVqU0blS:oO7iblS
MD5:	22BF0E81636B1B45051B138F48B3D148
SHA1:	56755D203579AB356E5620CE7E85519AD69D614A
SHA-256:	E292F241DAAFC3DF90F3E2D339C61C6E2787A0D0739AAC764E1EA9BB8544EE97
SHA-512:	A4CF1F5C74E0DF85DDA8750BE9070E24E19B8BE15C6F22F0C234EF8423EF9CA3DB22BA9EF777D64C33E8FD49FADA6FCCA26C1A14BA18E8472370533A1C65D8D0
Malicious:	false
Preview:	V........leveldb.BytewiseComparator...............

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\heavy_ad_intervention_opt_out.db Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	0.38228658120697745
Encrypted:	false
SSDEEP:	48:TZWMZS0Qj7BgeACvg/gDgQjiZS0Qj7Bgeo:9WMejlJ0QDjiejlA
MD5:	955C1B6E1A5CFC22038797D335E3E446
SHA1:	1D0811204A01A5A0FEA4E0DA99EE57A1940CF2EA
SHA-256:	DCCB7DE215DCACE4C55CFB6BD54752ECE5541E3191EE172CA83D8A7B0A0C65DD
SHA-512:	A41C7CBEFA9C6E6BE27B140E4AEB667D59CF890D5D7E08584EB08ECAC1DF8B0F43E9E683198D39D06DF4AE02AC105CF9E40197D3D50954CA89BAC8784CAE27D0
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................G.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\heavy_ad_intervention_opt_out.db-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	9780
Entropy (8bit):	0.44725261365554736
Encrypted:	false
SSDEEP:	12:4L+t/lpqLiuWk3zZBgKuFtuQkMbmgcVAzO5kMCgGUg5IY6eMVJMKt+:4L+t/HqLiuWWzZS53uQFE27MCgGZxqF+
MD5:	D7F5B1C20CEB4D89C69FC1F0A5D5FA44
SHA1:	E658720193B4666735C3EDE8BF59743173999D87
SHA-256:	98EE64ACCF48E50B9B92DB1CC5A59AFA7430101EB609828BB5F4DD214F693645
SHA-512:	E1A5E730B48429E772397262ECD974172769E55E118B86A1D08BCF49856920DA0C6DE5ABDF66F6349FEF45E4A6702F6019FD557B7CED36E35AA16A2F98F8D401
Malicious:	false
Preview:	.............uK;.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c.................x..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\previews_opt_out.db Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44297356443775376
Encrypted:	false
SSDEEP:	48:TZWMZS0Qj7BgeACvg/gDgQjiZS0Qj7Bge:9WMejlJ0QDjiejl
MD5:	22B5EFDD39E64F0AB528A4F27E21EA17
SHA1:	56861DF092D83A8095C2CFDCAE7320A58C248E79
SHA-256:	29ABDB4440F6E55D7511BDAB02DAFF6466BFDECF58E6FF80155B2283B874A021
SHA-512:	9110E4EEE111E5285CA2B5B1A5FA195BA427E863CAFAEF74800969AD0E82944BC0FA73E642C21F3CD90736B6EF129226B3DD84010FC1196D851F07627AB53CE8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................G.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\previews_opt_out.db-journal Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	5152
Entropy (8bit):	0.7344691870746355
Encrypted:	false
SSDEEP:	12:KL+t/lWqLiuWk3zZBgKuFtuQkMbmgcVAzO5kMCgGUg5FM+:c+t/wqLiuWWzZS53uQFE27MCgGZM+
MD5:	9E9E764438143C689DDDF73E86BF76FD
SHA1:	B94E6B84C61AF8B514C80024ED62EBFAB06EA606
SHA-256:	B93C3F4617D0BDB0BAD2C7BEBB4B6B44AB3D5B908EFE49B8C473143EDCAFCAFB
SHA-512:	10199673A1073D842C5A6FDB2EEB4B591D09091131A09C8AD72AA8B5917617D7576FA32EBD0C1BD5EA130C9C4A71BA9820C2245F60F5A2BC4DA1376432AF52E2
Malicious:	false
Preview:	............8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\shared_proto_db\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\shared_proto_db\000003.log Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	313
Entropy (8bit):	5.348995754125119
Encrypted:	false
SSDEEP:	6:easX4z+eEHzQmcz+eEHz9J5hB4K7t4KHGVCt+T:t6HzQ6HrBH7tHP+T
MD5:	4549E94185EA252A3C975BE0DDA002A5
SHA1:	C637165FBB062315E8737A8FF8103C9C3DD56D6F
SHA-256:	924287514D3EBCD6B98CA9DF260035BC197BC25A8532CF7151B15EC8CC4AFB85
SHA-512:	0EF0455580A06D2FB53E3DD550CEEE899C718EDAFDE00DC59A0FA0C1F295404EDDF37149235655951D07B8F69710B3D9425F08068501CACE45B62C4BE4C95B69
Malicious:	false
Preview:	.z..................4_IPH_DesktopTabGroupsNewGroup"..IPH_DesktopTabGroupsNewGroup.....4_IPH_GlobalMediaControls...IPH_GlobalMediaControls.....4_IPH_LiveCaption...IPH_LiveCaption.....4_IPH_PasswordsAccountStorage!..IPH_PasswordsAccountStorage.....4_IPH_WebUITabStrip...IPH_WebUITabStrip...2B.l...............

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\shared_proto_db\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	137
Entropy (8bit):	5.29880818262433
Encrypted:	false
SSDEEP:	3:tUKDdIBXts1qKKqFkPt+kiE2J5yETAZuXb4E/LrrxI4cWIV//Uv:mdi1Oq2Pwkn23yEBNfrK+IFUv
MD5:	910CCE0A1FDC60DC20341384A7E3DB62
SHA1:	E53986EA6EDA02FD7474EE48B28E7F23D0DBB3F3
SHA-256:	C6631B10E9DE45AB1862DCB52882CAF9FDB9A2D5CD188C5453E6D75BF91A0E9F
SHA-512:	4AA417F509BC66D2590D0E5E9716CB9B6BDE07E7267C2FCB64CBA8FFD692BAC45F1830AE5211E6A8ACF93F1F429D064EAA2D72A3201821DB8EED30B679EBA5FC
Malicious:	false
Preview:	2021/05/08-06:21:44.914 17b0 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\shared_proto_db/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\shared_proto_db\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\shared_proto_db\metadata\000001.dbtmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\shared_proto_db\metadata\000003.log Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	260
Entropy (8bit):	3.709599778539542
Encrypted:	false
SSDEEP:	6:TRtqcjmtOKwlkmX3BZQOl1m8pl6/3mt/XtBtW9Q63m8k:ZiQkG05/CXtx6I
MD5:	F4BA1489E90BCBD30133DFA16D9991BF
SHA1:	16B495FA1DE825C9DD97CA4F45D45A88B012B221
SHA-256:	DC69957238955204FB8699E1BCEC4500E744664E5175FB61DA00A21458EF6C2D
SHA-512:	6A4631F0323092CFEF4C1D346ECDB590A7D85F528D1117B6C0889160CF3F8016AE65147AB54D8B4240232CAE5BE5C21E6AE4AAFDEA4803576C4D27483B9EEA7B
Malicious:	false
Preview:	.DO&.................__global....j.(.................18_......?.o.................3_.....7....................4_......w...................19_....."[...................18_.....V....................3_.....T`9..................4_......@C1.................19_.....

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\shared_proto_db\metadata\LOG Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	146
Entropy (8bit):	5.258658024376636
Encrypted:	false
SSDEEP:	3:tUKDdIBXtcMKKqFkPt+kiE2J5yETAZuXb4E/LrrxW9BERjokugWIV//Uv:mdqIq2Pwkn23yEBNfrzAdIFUv
MD5:	07D47DDB96CDE88B1F18B473884848DA
SHA1:	B9354B8CEE4F77B58343EA68F27F3B278FC63C26
SHA-256:	9E8516577CA752EA2A2053865B90665C8D44C99DC3D9CEFFC948F2DEA9659046
SHA-512:	2EC1F7FB15DA1EC347203977C6B3D2F9592E395ED83CFFAAB899760DAF657E432CE3F6F9BAFBFB0EE453047C4B04A7562633368E30DABDA871FC3C2C39B27033
Malicious:	false
Preview:	2021/05/08-06:21:44.901 17b0 Reusing MANIFEST C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Default\shared_proto_db\metadata\MANIFEST-000001 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	PGP\011Secret Key -
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\WaveBrowser\User Data\First Run Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	empty
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	D41D8CD98F00B204E9800998ECF8427E
SHA1:	DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:	E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:	CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:	false
Preview:

C:\Users\user\AppData\Local\WaveBrowser\User Data\GrShaderCache\GPUCache\data_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\GrShaderCache\GPUCache\data_1 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	8488
Entropy (8bit):	0.03529448480826166
Encrypted:	false
SSDEEP:	3:MsEllllkXl6EflOsql:/M/66r
MD5:	F524E83EBA0982DF3A3A30819FFD7D6B
SHA1:	4F527BDB222110976E57A9A24607BE466B78B93D
SHA-256:	2EA5D66834777FA14E51206803606057BD938269D54B6492D50BDA3361E32A92
SHA-512:	1A9FCA6B6726947D6B252F7A403507C11F676C36B48D9A4E722E9F1F320D3E8E6B054CF97DD44C173FD8255C997676D62A124DB7D84E78589D411D1761DE737F
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\GrShaderCache\GPUCache\data_2 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\GrShaderCache\GPUCache\data_3 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\GrShaderCache\GPUCache\index Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	258784
Entropy (8bit):	9.757659673476044E-4
Encrypted:	false
SSDEEP:	3:LsFl0l3GQtl:LsFKWQX
MD5:	DE5F410EB040FAD311C177583EA071FA
SHA1:	165F09489A04E6350E4E867855ADA5076B77E8B8
SHA-256:	506C8912E44686004C2C09151FCA4C90A063B45C619E9C70F78192360911D959
SHA-512:	DE990EC7CC888DD52A7319FEB8A23CE61994A788E9E55FCF364A27A30329957D45425DA41A14E3D2D1E05B892FBD9772CD6EE95B2878A4ADEFF072B764008352
Malicious:	false
Preview:	........................................V.'` /.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Last Browser Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	118
Entropy (8bit):	2.9722138224890484
Encrypted:	false
SSDEEP:	3:awRAaltq1FslKZ0lE3A5ly4aQIkAlXEEr5AlXBl:JRa0lKKlEEy6IkAlUE1AlRl
MD5:	56E7ED5720B35FEA5434C703AE205BFF
SHA1:	494E2738C05EC4A8C4050FB74776B7E296ECC7B5
SHA-256:	43EB9E0759EB4ADF9FA87537AB32E050AB7F28581060DD5EC8F0ED895FB3919B
SHA-512:	A42989B72F9D631E0B4C1720B64CE584E9C367985FB17A3640DC780BE27A3B8BA0E4D491E21CCDA0BD1CA7458CFF21EE5721A3244D2F617DFB368A7C76333EB2
Malicious:	false
Preview:	C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e.\.W.a.v.e.B.r.o.w.s.e.r.\.w.a.v.e.b.r.o.w.s.e.r...e.x.e.

C:\Users\user\AppData\Local\WaveBrowser\User Data\Last Version Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	7
Entropy (8bit):	1.8423709931771088
Encrypted:	false
SSDEEP:	3:SUQ:SUQ
MD5:	B1B2AD9D0435A7C07C63AB95A7269EE9
SHA1:	29BEA97FC1B2743B4797F753541ECE71B12ABCA2
SHA-256:	E96D36BB7660DC5657F1DA062B775ED5C0B0F2B302267E1EF4BB600B6BF3E901
SHA-512:	171068BBC8EA42D2B3963FA367DCD844052C8F2062CD40B460902B606C10351CEA3D6AFD37CBCA4E0376D4D8C2AC66FA0B9C632BA9421CE6A15708D96795E123
Malicious:	false
Preview:	1.1.0.7

C:\Users\user\AppData\Local\WaveBrowser\User Data\ShaderCache\GPUCache\data_0 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\ShaderCache\GPUCache\data_1 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	8488
Entropy (8bit):	0.03529448480826166
Encrypted:	false
SSDEEP:	3:MsEllllkXl6Eflk+tl:/M/665e
MD5:	681E60A06FA48A4642D37F9146D8267E
SHA1:	2B1596B50B1F83E8311744E5AB63EB7272251395
SHA-256:	EE961FD3442BBFDF23E822B821925D81301B299C9061AB2B917841F0A8A9AD69
SHA-512:	D7402C9E271AAFCB1676E46F8F201B8A2DA86C1FBF0468EA38150BB48FB33EF4BBBCDFE4F557C8948009FD3D5028DD429C7ADEB333C923CADC9C06391F8EA2C2
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\ShaderCache\GPUCache\data_2 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\ShaderCache\GPUCache\data_3 Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\ShaderCache\GPUCache\index Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	258784
Entropy (8bit):	9.007071760427842E-4
Encrypted:	false
SSDEEP:	3:LsFl0lZXl:LsFKL
MD5:	36C6D98914DDD60FA9072BA7F8B9CF9B
SHA1:	002EAE1E366EAEF067D1111BC58F618D05A19FE2
SHA-256:	B998A8DE01F5465FD0DDCE46AAD7A21DE99D2119A576CBFE6C2A96A3C748E55E
SHA-512:	1F626CE93C088C22BD95F7679BC2EAC41E17D6AAC76D6AB2ED6A3459FF263A7531C4A09641C4856BD4F39F929D3EE8BCDA9FD84A626C1708D8DA53DBA7F60528
Malicious:	false
Preview:	.........................................nT'` /.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\WaveBrowser\User Data\Subresource Filter\Indexed Rules\27\9.22.0\Indexing in Progress Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	empty
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	D41D8CD98F00B204E9800998ECF8427E
SHA1:	DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:	E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:	CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:	false
Preview:

C:\Users\user\AppData\Local\WaveBrowser\User Data\Subresource Filter\Indexed Rules\27\scoped_dir3124_437275817\Ruleset Data Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	data
Category:	dropped
Size (bytes):	208920
Entropy (8bit):	4.964307261909652
Encrypted:	false
SSDEEP:	3072:gzChBJeloN++/mYWcT8WSkb1RqmYb8zpoPo/smfgbpxT0C0oUBXrvzpnuidAut:5clEHRAqggCyIW1
MD5:	A96F63877D2B8648563905C60513B9F0
SHA1:	EE63F5F68E176DCEA8416C9877F09533C4E5498E
SHA-256:	B5A3D515B1673D134B197878D681C0CC8290BC476EB69D69EF27FF9669EC2E80
SHA-512:	C137035D92E4161FF55AF447D61F7F61E9FB8812EF0D32649011A6D7A07AEBA317B4197CF0205B37B755FACF7A1ABCA586507A1B825BC2FD4194E8306DB4E008
Malicious:	false
Preview:	........................$...,........C..................................................p.......P...........,...........................geips....... n..........lgoog........R..........ozama...................onwod.......h...(.......g.bat.......<...@.......uotpo...........X.......ennab...................nozam............e..l....E......................-.................l...P...........,.........................................\|.......h...p...H...,...........\...X...T...P......H.......@...<...8.......d...,...(...$... ...............,.........................................................................`...D...........................................................\|...x...t......l...h...d...`.......X.......P...L...\...D...@...<...8...0...0.............. ...........................................`..................0...........................................................................h.......H...,.......x......p...l...h...d...`...\...X...T...P...L...H...

C:\Users\user\AppData\Local\WaveBrowser\User Data\aded6b55-d162-4a6a-b244-0604f30fff79.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3849
Entropy (8bit):	5.334186486579273
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPFbO1lkzotohpKqQ3dk8UaUe4B4wa:1SYAus1zUjm1U
MD5:	73A5F8B7566BBC0ABEA3554FCD1B8C96
SHA1:	FFE40E74C7951954E3D06BB9FB0B5366CDE81108
SHA-256:	63AD8D2A56C8310DFF564050236740C391E0CB3EA77B46A5CE31A0E5E8B86504
SHA-512:	60EB7DCEB105738D0AB0ED2053DEB415B21590CF323AB007252C7C5FC7068FE3546092A4515EAA4DD53CA4FA4828A3B47F4D271D821CFC8F2AD4F3B0E73BE1AA
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\b08801a0-7cc0-48ec-bf88-e7390f7d4cac.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8277
Entropy (8bit):	5.393236572838102
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkThhZel9Bs4HkN4cQQ0UaP:1SYAusihLFbbmpPzUW01chje9EVe
MD5:	4E17DD6802185FEBF1B41DE007164AD2
SHA1:	A8D0EEA59A001160BD6B870D60C74167E916C791
SHA-256:	01E6EAB7B98F8F09E2F9E144F1B060066DC575EA8283D191C6B2F1B828328BF8
SHA-512:	BAAAA002BF96CBCF144EBC29BAD60D738ECD5BCEC5CD53D13D7285E70B508400926EAF909D42335D7A82BFC5D4954BC94498F9B1DC9F317852BD1C62BF72EA39
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\bd048502-db50-4333-a029-54471dc82b22.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8468
Entropy (8bit):	5.39527213359109
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkqhhZel9BANXhZHk0h4cQc:1SYAusihLFbbmpPzUW01nhjeqXVd
MD5:	0A1CA9605D3F87B14742B7F5630C9ED7
SHA1:	AA3D35C0955AC19BE1A6833262F41C6B69080EBF
SHA-256:	6723E32F266197AC267D74CAA6FAC218FBB1FF05F807B89780F23F0C6AA5393E
SHA-512:	3A4D8098BB90AD474192BB41A3A5D6C350B8D6EF10CAA9DB7999EA9B40BDCCEF43679EF907F92F47C8D497E8130D30D9587EAB8E7BB38E03056AB3C4693EED7C
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\d3804b07-d13f-4d36-a6ae-1084f7ff6945.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8277
Entropy (8bit):	5.393165791465375
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkMhhZel9Bs4HkN4cQQ0Ua1:1SYAusihLFbbmpPzUW01jhje9EVs
MD5:	EF10CA56FA315B46B3BC24BE0580539A
SHA1:	3D84D2C50E0607419F4078EF1EACFE6B2E48D0E6
SHA-256:	3233D1ED1F162869A6BD1335DF3CE2305E2831C402CD5166D7BC5267750C5DCC
SHA-512:	4FEB4A7D73C9D5942C9008C5DCB3C42768C9280D466116327C5C18609C6B8BC84E6D57F40E05C67DBA8FC81AF5708BE0459A1D0EC0A127E142313188A76F87B9
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\dece6607-917e-4f25-b579-8b33eecf6653.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7309
Entropy (8bit):	5.3631298589673095
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqQ3dkQhTeZqs4pl3qvtUaUe4Mwa:1SYAusihLFbbmpPzUjnhTeQ220
MD5:	0F9E71018D2E091FC1692052D22E2210
SHA1:	03FAD13B520C7152B8F3DD209C3B2C6D8AD185DA
SHA-256:	38039E41102D8B93F62B5086EFA46B23B62E4E860E8C5602B2FE8F1625D1DD62
SHA-512:	D99C68D727873E051CF47DBFD81FEAAA159CB9BBDD534C2A3C30E433F3EB6FCF1B1938D76323851A311974488AE9007632D5904354393B553E7026E7C2F61515
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\e16187ac-54f6-4665-a8b4-287b23e23a63.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7678
Entropy (8bit):	5.382320696323062
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqQ3dkdhTeZqs4pl3qKHQ0UaUe4WD:1SYAusihLFbbmpPzUjmhTeQr0i
MD5:	3713ADDFA04FA87988C1A8E65CD772B1
SHA1:	2681D2FD37A73DECA8894D40CC4715C87218F7EB
SHA-256:	2434E920F5F3EAAFE69CAB57D42FD27A538045C87804298DFD2A32ABC25D224E
SHA-512:	FC4F467D73152270DAC05399A888C00CE4B26CD6D7460B980DC7C2BB4D195761F85FD210FF1B661025785E1AE88C07DF2CC5E4BC33E709DD5F58D5A7D1AFD846
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\ef93b1d0-b095-43c4-a1db-c258f54ea5da.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3019
Entropy (8bit):	5.3635465498641794
Encrypted:	false
SSDEEP:	48:YNldm2tnhdSMNajyQOZ5fWJDqWF1otb3p1lklZotoc5Kq8BkOuB0fKHe4BLDwa:ESuhJ6HOnfUPAb51lkzotoKKq8z+yEee
MD5:	7EA118BD5CF60A8AB02AF05FC53D326B
SHA1:	075ECC5718B042692DA7CDD83091389702EF0018
SHA-256:	07B7A521EAD0B3EA042D7110ACBF0FEDE0566D55A21D8E84386649EB83F8FBA6
SHA-512:	1DFD52F6ED1ED1A65DA363C125D9BE76EE9AFB78CDDEA88DD472B92CAE32377C297CDC883FBFA6CB7E67901E2A8ACAB6B1541FDD81DBB2B37EFF9B34B43C02B4
Malicious:	false
Preview:	{"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0

C:\Users\user\AppData\Local\WaveBrowser\User Data\effb9cc7-10bb-4cfb-b3ac-11d2a732d9f9.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8373
Entropy (8bit):	5.394295995044373
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqV0v3dkMhhZel9BANXhZHkN4cQQc:1SYAusihLFbbmpPzUW01jhjeqEVs
MD5:	BA47CB227135714B985FB84F743647B3
SHA1:	EEE813F953A6240D36B0F04976D54AE894D12B30
SHA-256:	469453808037DE2D82B3E7FF9A47AE1B15AD98EDD288A9CC98EF2BBD4014EE8F
SHA-512:	7B6A2BABC3F33F2763D2E5DF39CA8A037A8185272990904EAF9489803752DEAF20AAAB7136DA7B19A26084C703F1E24D7D42924C80F2DD5574F024156CF85828
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Local\WaveBrowser\User Data\fd243fc8-2483-4e09-87b0-85dbddb6fbb3.tmp Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7594
Entropy (8bit):	5.381072880571308
Encrypted:	false
SSDEEP:	96:iFYSuhJ6HOnfUPahLrRbbmpvbO1lkzotohpKqQ3dkdhTeZqs4pl3qiHQ0UaUe4WD:1SYAusihLFbbmpPzUjmhTeQL0i
MD5:	488344FCD4BEBB677E78B857ADB4BC97
SHA1:	2D7D5147F52E8A7A4B83D7405D041F6E0F29AF84
SHA-256:	1D6F5BC42F4E1A41B273444898B350DABC3734479F25FEB02F78A1A246E64C65
SHA-512:	081AB8BC244571EEF4795948262A8A138C9873B7FDAE067F1C3CD0A6453A44AD8E10F2188892DE243914691F8AFBDD494357AA697E419AB3E6BE185DEDFEBC41
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"1.1.0.7"},"daily_ping_time":"13264921263861682","dfcfg":{"ri":0,"show_in_age_0":true,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransaction

C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WaveBrowser.lnk Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Sat May 8 03:20:45 2021, mtime=Sat May 8 03:20:45 2021, atime=Wed Mar 10 21:18:43 2021, length=2049112, window=hide
Category:	dropped
Size (bytes):	2257
Entropy (8bit):	3.774728521516185
Encrypted:	false
SSDEEP:	48:8I83GVkQXcjvEInvgabdSb7lSb+0bHBFesD:8IhvobghAN
MD5:	774EE5BB4C60075D0B151A92155AA2D9
SHA1:	197C1E563D26DCE2797AD962DD3D0E2A9932FFAB
SHA-256:	56D5E7E28CAF994D0BD8CDCC4DD7076FDDE3392F88F92EEB64AD946B631F76E3
SHA-512:	A4AD2A2DA0243D4634EE233189ECAACC121EADD17D3A3621073959D76BDDD4FFA0A3F5035A50233F6683176FA686ACF4F2FEF7B1D3B4955F064994A4E8E7BB45
Malicious:	false
Preview:	L..................F.@.. ...Z5...C...H...C..2..T....XD........................:..DG..Yr?.D..U..k0.&...&...........-..q@.w.C.......C......t...CFSF..1......R."..WAVESO~1....t.Y^...H.g.3..(.....gVA.G..k...R......R.".R.".....V....................8...W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e...D.`.1......R."..WAVEBR~1..H......R.".R."..............................W.a.v.e.B.r.o.w.s.e.r.....l.2.XD..jRV. .WAVEBR~1.EXE..P......R.".R."....{X.....................H.w.a.v.e.b.r.o.w.s.e.r...e.x.e.......j...............-.......i....................C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.....\.....\.W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e.\.W.a.v.e.B.r.o.w.s.e.r.\.w.a.v.e.b.r.o.w.s.e.r...e.x.e.+.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e.\.W.a.v.e.B.r.o.w.s.e.r...-.-.s.t.r.t.l.=.q.l.i.;.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e.\.W.a.v.e.B.r.o.w.s.e.r.\.w.a.v.e.b.r.o.w.s.e.r...e.x.e.........%U

C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.acl Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	Little-endian UTF-16 Unicode text, with no line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:Qn:Qn
MD5:	F3B25701FE362EC84616A93A45CE9998
SHA1:	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
SHA-256:	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
SHA-512:	98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
Malicious:	false
Preview:	..

C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.dic Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	Little-endian UTF-16 Unicode text, with no line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:Qn:Qn
MD5:	F3B25701FE362EC84616A93A45CE9998
SHA1:	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
SHA-256:	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
SHA-512:	98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
Malicious:	false
Preview:	..

C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.exc Download File
Process:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
File Type:	Little-endian UTF-16 Unicode text, with no line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:Qn:Qn
MD5:	F3B25701FE362EC84616A93A45CE9998
SHA1:	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
SHA-256:	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
SHA-512:	98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
Malicious:	false
Preview:	..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WaveBrowser.lnk Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Sat May 8 03:20:45 2021, mtime=Sat May 8 03:20:45 2021, atime=Wed Mar 10 21:18:43 2021, length=2049112, window=hide
Category:	dropped
Size (bytes):	4582
Entropy (8bit):	3.814295920073048
Encrypted:	false
SSDEEP:	48:8I83GVkQXcjvEInvJabdSbpSb+0bQB0E4nsDpI83GVkQXcjvEInvJabdSbwSb+0o:8IhvobJtPxVIhvobJqPx
MD5:	E2E8252DD617A35F1AD2A27B836AFE1B
SHA1:	0F89AAED6B68393A1152FFA869D2372254DFAE31
SHA-256:	5A364FE688CD8ACC81A7E15CD38A70967E0824C4DD174CC09F532B585799D781
SHA-512:	C116C6DE6A548B5FC2C6131D4A9420E1B6018473F3C6E7E63A69EA19F123F6D8D00FC434C5EC3573EED64A7FB2DEF21B5597B684542F648FB6A5F72F77224B19
Malicious:	false
Preview:	L..................F.@.. ...Z5...C...H...C..2..T....XD........................:..DG..Yr?.D..U..k0.&...&...........-..q@.w.C.......C......t...CFSF..1......R."..WAVESO~1....t.Y^...H.g.3..(.....gVA.G..k...R......R.".R.".....V....................8...W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e...D.`.1......R."..WAVEBR~1..H......R.".R."..............................W.a.v.e.B.r.o.w.s.e.r.....l.2.XD..jRV. .WAVEBR~1.EXE..P......R.".R."....{X.....................H.w.a.v.e.b.r.o.w.s.e.r...e.x.e.......j...............-.......i....................C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.>.....\.....\.....\.....\.....\.....\.W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e.\.W.a.v.e.B.r.o.w.s.e.r.\.w.a.v.e.b.r.o.w.s.e.r...e.x.e.+.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e.\.W.a.v.e.B.r.o.w.s.e.r...-.-.s.t.r.t.l.=.t.i.;.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e.\.W.a.v.e.B.r.o.w.s.e.r.\.w.a.v.e.b.r.o.w.s.e.r...e.x.e.......

C:\Users\user\Desktop\WaveBrowser.lnk Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Sat May 8 03:20:45 2021, mtime=Sat May 8 03:20:45 2021, atime=Wed Mar 10 21:18:43 2021, length=2049112, window=hide
Category:	dropped
Size (bytes):	2267
Entropy (8bit):	3.7812578374965304
Encrypted:	false
SSDEEP:	48:8I83GVkQBBgvEInvUabdSbUxfSb+0bHBFesD:8IhkbUixeN
MD5:	60E8AE5864AEB9CCE7FEA2C22A343228
SHA1:	BAD0C5EDECB4D7CACAD45E2462BC470ACF82DA16
SHA-256:	A76812CE1B595A651C5FDB26135B4196DB8FF4B54213D8E0118FB88B1E4CB168
SHA-512:	CA20E3B4C29FFAB0BE54DC3EBEE663FFD351C10C639A911F9C8347B70B874B8551CB3902054F7483E22F2151FE19C4985A95492AF968CCC3E69C98AC9F616CF9
Malicious:	false
Preview:	L..................F.@.. ...Z5...C...H...C..2..T....XD........................:..DG..Yr?.D..U..k0.&...&...........-..q@.w.C.......C......t...CFSF..1......R."..WAVESO~1....t.Y^...H.g.3..(.....gVA.G..k...R......R.".R.".....V....................8...W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e...D.`.1......R."..WAVEBR~1..H......R.".R."...........................L.W.a.v.e.B.r.o.w.s.e.r.....l.2.XD..jRV. .WAVEBR~1.EXE..P......R.".R."....{X.....................H.w.a.v.e.b.r.o.w.s.e.r...e.x.e.......j...............-.......i....................C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t./.....\.W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e.\.W.a.v.e.B.r.o.w.s.e.r.\.w.a.v.e.b.r.o.w.s.e.r...e.x.e.+.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e.\.W.a.v.e.B.r.o.w.s.e.r...-.-.s.t.r.t.l.=.d.i. .-.-.s.t.a.r.t.-.m.a.x.i.m.i.z.e.d.;.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.W.a.v.e.s.o.r. .S.o.f.t.w.a.r.e.\.W.a.v.e.B.r.o.w.s.e.r.\.w.a.v.e.b.r.o.w.s.e.r...e.x.e.

C:\Users\user\Wavesor Software\Temp\source3028_1457357344\Chrome-bin\master_preferences Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	2031
Entropy (8bit):	5.054299517506256
Encrypted:	false
SSDEEP:	48:bS5lcnYVJY/QQpU+1ELU1cj6dw7v2nnhdSMNajyQ7Gv:bS52nYv0JhkUWjWwjqhJ6H74
MD5:	1E20DF0E0CD082FEDC449FDA75EB414D
SHA1:	5100008E3D04D54E8B2E04815E10DDB4DAC62841
SHA-256:	659DC09F0E53F8DFDC63468C6DF85288530BC11AA91650CD8AFAEFEA4E2269D4
SHA-512:	CEE1DFBD7162B9B4C3178D066FFD08361BF63506DC1180FB2AB15A9FA1B13B6768833A24B0C2598545167711B5C417D47DE6A14703EF66823FA31E288557C4C7
Malicious:	false
Preview:	{.. "browser": {.. "default_browser_setting_enabled": true,.. "show_home_button": true.. },.. "default_apps": "install",.. "default_search_provider_data": {.. "template_url_data": {.. "created_by_policy": false,.. "favicon_url": "http://www.yahoo.com/favicon.ico",.. "id": "26",.. "input_encodings": [ "UTF-8" ],.. "keyword": "WaveBrowser search",.. "prepopulate_id": 26,.. "safe_for_autoreplace": true,.. "search_terms_replacement_key": "",.. "short_name": "WaveBrowser",.. "suggestions_url": "https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}",.. "suggestions_url_post_params": "",.. "url": "https://api.wavebrowserbase.com/search/yhs",.. "usage_count": 0.. }.. },.. "distribution": {.. "make_chrome_default": true,.. "make_chrome_default_for_user": true,.. "suppress_first_run_bubble": true,.. "suppress_first_run_defaul

C:\Users\user\Wavesor Software\Temp\source3028_1457357344\Chrome-bin\wavebrowser.VisualElementsManifest.xml Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	392
Entropy (8bit):	5.2194838090967135
Encrypted:	false
SSDEEP:	6:ejHyWc4subuVFWod/NDhkQwYnF4kQwYwwWt/FhYwwWGJsU/FPnwWGJsU/FeXXKhA:ebvyWW/meZPwWZPwWJWnwWJJdVVN
MD5:	4492AA02E4B7A14E947E2FC5E623C3CD
SHA1:	B644FDE8ACC769948B441E4F6B8D70D928DE45A1
SHA-256:	52134FEB5DAC3C1421A6BCB59EA21A36EFB2D1C460D495F7F684C04E076D1F3F
SHA-512:	52EFA840D4662FED769ED0DC1C0682E3A8C2810B52D032B789166D2A0DEED7E491C4F20E53BDF3C8E9D107744070FE1428215898C53314EFB8A26E48CB72E6A9
Malicious:	false
Preview:	<Application xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>.. <VisualElements.. ShowNameOnSquare150x150Logo='on'.. Square150x150Logo='1.1.0.7\VisualElements\Logo.png'.. Square70x70Logo='1.1.0.7\VisualElements\SmallLogo.png'.. Square44x44Logo='1.1.0.7\VisualElements\SmallLogo.png'.. ForegroundText='light'.. BackgroundColor='#5F6368'/>..</Application>..

C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\Installer\setup.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2928728
Entropy (8bit):	6.51338319542666
Encrypted:	false
SSDEEP:	49152:8nKzAq2/iBnD/tMA9XoAKrXmRT7vQAhVbt4ySEaCUDS83z+oydgdT0aB:8KUE1MAPpLhEl+oyHu
MD5:	C0364BBC1A78CE97482F4A0B0DDBAD08
SHA1:	544C51ABD209A91E72BB4E61660A457209C1EC70
SHA-256:	2212C7EE6FA09FB13664E2D3A511184B13D45D2C40CBA3B3881AE83CEEADF398
SHA-512:	CE9D4AA8EA9A07E3E0343AAC78849B5331DFA7468AB34C3B886B57FE74299A7BB5398EDC43042EA3693E6C28E1689EC5681510A97F0AF5486A6C2C066F2297BA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....iE`.........."................. ..........@..............................-.....S.-...`..........................................m&.R....n&.h.....).p....@(.......,.X....p-..%...Q&.....................0P&.(...P.$.0...........p{&.....(m&.@....................text............................... ..`.rdata...h.......j..................@..@.data........p'..B...^'.............@....pdata.......@(.......'.............@..@.00cfg..(....0).......(.............@..@.gehcont<....@).......(.............@..@.retplne$....P).......(..................tls....1....`).......(.............@...CPADinfo8....p).......(.............@..._RDATA........).......(.............@..@.rsrc...p.....).......(.............@..@.reloc...%...p-..&...n,.............@..B........................................................................................................................................

C:\Users\user\Wavesor Software\WaveBrowser\master_preferences Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	2031
Entropy (8bit):	5.054299517506256
Encrypted:	false
SSDEEP:	48:bS5lcnYVJY/QQpU+1ELU1cj6dw7v2nnhdSMNajyQ7Gv:bS52nYv0JhkUWjWwjqhJ6H74
MD5:	1E20DF0E0CD082FEDC449FDA75EB414D
SHA1:	5100008E3D04D54E8B2E04815E10DDB4DAC62841
SHA-256:	659DC09F0E53F8DFDC63468C6DF85288530BC11AA91650CD8AFAEFEA4E2269D4
SHA-512:	CEE1DFBD7162B9B4C3178D066FFD08361BF63506DC1180FB2AB15A9FA1B13B6768833A24B0C2598545167711B5C417D47DE6A14703EF66823FA31E288557C4C7
Malicious:	false
Preview:	{.. "browser": {.. "default_browser_setting_enabled": true,.. "show_home_button": true.. },.. "default_apps": "install",.. "default_search_provider_data": {.. "template_url_data": {.. "created_by_policy": false,.. "favicon_url": "http://www.yahoo.com/favicon.ico",.. "id": "26",.. "input_encodings": [ "UTF-8" ],.. "keyword": "WaveBrowser search",.. "prepopulate_id": 26,.. "safe_for_autoreplace": true,.. "search_terms_replacement_key": "",.. "short_name": "WaveBrowser",.. "suggestions_url": "https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}",.. "suggestions_url_post_params": "",.. "url": "https://api.wavebrowserbase.com/search/yhs",.. "usage_count": 0.. }.. },.. "distribution": {.. "make_chrome_default": true,.. "make_chrome_default_for_user": true,.. "suppress_first_run_bubble": true,.. "suppress_first_run_defaul

C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2049112
Entropy (8bit):	6.591774950752485
Encrypted:	false
SSDEEP:	49152:wCmRJFJodbckFw6kFqAjoBrC4Eh8V4KGQzmzwsl4G9mA+fXyTA:wbRtMAMBR4hmA+B
MD5:	D01181033AE0FD1E5C8D09DF0AAA70CF
SHA1:	5E2B927406ACED8872965D1E031C690098211B1D
SHA-256:	E4D692392FB7C78ECB7A8CEB2748CDAF68E448831DB5B02C9D4D2A99BDBE3090
SHA-512:	0D80159D6783063A55279406067B9D55D67FDC6BD4E12C599DA366E61F94F2F4EF6BDF0B0B6988901AD606B7D64E81390C0199C2EED04C9C5952FCA4A161AB3C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....iE`.........."..................1.........@.............................. ......`....`.............................................u...l...P...............x....(..X.......4#..............................(.......0...................h...@....................text............................... ..`.rdata.......0......."..............@..@.data...8........:..................@....pdata..x...........................@..@.00cfg..(....`......................@..@.gehcont<....p......................@..@.retplne.................................tls....1...........................@...CPADinfo8...........................@..._RDATA..............................@..@.rsrc...............................@..@.reloc..4#.......$..................@..B........................................................................................................................................

C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser_proxy.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	833112
Entropy (8bit):	6.582823802687673
Encrypted:	false
SSDEEP:	12288:rr2tHFlhwauAcsU9AjtandfEdM5PiaOClceR5+nCoWJtHF:3wlujAjQnPimldftHF
MD5:	E87A90F23FEB108C4FA54F7BACCCED94
SHA1:	3F8FCEDEC163B16A95A269A7D45A7965FF8266B6
SHA-256:	456424D4FD9F7CFBA76D0BC3F667AB0198231BA2209D35DE7B34909D933BB74E
SHA-512:	AA2C5D0EA1605466D830E0E495CE142F236355D342E4D67A2D2E9713F373EA220D1E973E81CD45CEE2AEC5C66DF8A3AF8628478608E0479C28768979483D70EF
Malicious:	false
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....iE`.........."..................d.........@.............................P......EM....`..........................................Q..^....R....... ...........Z......X....0..<...lI.......................G..(...p...0...........pW...............................text............................... ..`.rdata...(.......*..................@..@.data....~.......4..................@....pdata...Z.......\..................@..@.00cfg..(............t..............@..@.gehcont8............v..............@..@.tls....!............x..............@..._RDATA...............z..............@..@.rsrc........ .......\|..............@..@.reloc..<....0......................@..B........................................................................................................................................................................................................................

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.999974426484491
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Wave Browser_cg5vc6cx_.exe
File size:	64298088
MD5:	5d999339f21d3a6b4ee9726874d6fbc5
SHA1:	a8dcf803b4a15d0fb5dde36dbee571d2f3fa53b0
SHA256:	33111d45c6e463b267685b51faefb49565d3e517a30940338e285c52e019e1a6
SHA512:	c97d2470e4a62419ef015f04f6d847731b41e28f2341317d400ef0552d66fec4287aa874c98517ed4725b9f68c7c4f0f8f4882887893c456c071954b86bd6f29
SSDEEP:	1572864:LrM2qXwA5wzqXdOJ/zRAVAwef8XkJ8eHPKUs0:LuXwA5RdcraVbX7En
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F...v...F...@...F.Rich..F.........................PE..L....FI`.................`.........

File Icon


Icon Hash:	70cc92b090c0f070

Static PE Info

General
Entrypoint:	0x4031d6
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x60494616 [Wed Mar 10 22:20:06 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	3abe302b6d9a1256e6a915429af4ffd2

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	1/27/2021 1:00:00 AM 1/26/2023 12:59:59 AM
Subject Chain	CN=Wavesor Software, O=Wavesor Software, L=Agios Athanasios, C=CY, SERIALNUMBER=EE 52849, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CY
Version:	3
Thumbprint MD5:	0502083BE13B02B6CB6F2F2241FEF927
Thumbprint SHA-1:	D9D521276B3311A00B2E9A0960EB293FEF7F12DA
Thumbprint SHA-256:	F70AA5181181825DA22D31F4E3567CB864AF13C3C798643A0CD7433DA6EB5CB4
Serial:	04E41F85C676A21263778BD92DFBBBB8

Entrypoint Preview

Instruction
sub esp, 00000184h
push ebx
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 00409198h
mov dword ptr [esp+20h], ebx
mov byte ptr [esp+14h], 00000020h
call dword ptr [004070A0h]
call dword ptr [0040709Ch]
and eax, BFFFFFFFh
cmp ax, 00000006h
mov dword ptr [0042370Ch], eax
je 00007F828C8FA903h
push ebx
call 00007F828C8FD9DAh
cmp eax, ebx
je 00007F828C8FA8F9h
push 00000C00h
call eax
mov esi, 00407298h
push esi
call 00007F828C8FD956h
push esi
call dword ptr [00407098h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007F828C8FA8DDh
push 0000000Ah
call 00007F828C8FD9AEh
push 00000008h
call 00007F828C8FD9A7h
push 00000006h
mov dword ptr [00423704h], eax
call 00007F828C8FD99Bh
cmp eax, ebx
je 00007F828C8FA901h
push 0000001Eh
call eax
test eax, eax
je 00007F828C8FA8F9h
or byte ptr [0042370Fh], 00000040h
push ebp
call dword ptr [00407044h]
push ebx
call dword ptr [00407288h]
mov dword ptr [004237D8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 0041ECC8h
call dword ptr [00407178h]
push 00409188h

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7430	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x37000	0x5940	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x3d50010	0x1c58
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7000	0x298	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5f0d	0x6000	False	0.664957682292	data	6.4503914377	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x7000	0x1250	0x1400	False	0.4287109375	data	5.00108520723	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9000	0x1a818	0x400	False	0.6376953125	data	5.12958781177	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata	0x24000	0x13000	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x37000	0x5940	0x5a00	False	0.2390625	data	3.21178555242	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x372f8	0x25a8	dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0	English	United States
RT_ICON	0x398a0	0xea8	data	English	United States
RT_ICON	0x3a748	0x8a8	data	English	United States
RT_ICON	0x3aff0	0x568	data	English	United States
RT_ICON	0x3b558	0x468	data	English	United States
RT_ICON	0x3b9c0	0x2e8	data	English	United States
RT_ICON	0x3bca8	0x128	data	English	United States
RT_DIALOG	0x3bdd0	0x202	data	English	United States
RT_DIALOG	0x3bfd8	0xf8	data	English	United States
RT_DIALOG	0x3c0d0	0xee	data	English	United States
RT_GROUP_ICON	0x3c1c0	0x68	data	English	United States
RT_VERSION	0x3c228	0x2f0	SysEx File - IDP	English	United States
RT_MANIFEST	0x3c518	0x423	XML 1.0 document, ASCII text, with very long lines, with no line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetCurrentDirectoryA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
USER32.dll	ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
ADVAPI32.dll	AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Version Infos

Description	Data
LegalCopyright	Copyright 2021 Wavesor Software. All rights reserved.
FileVersion	1.1.0.7
CompanyName	Wavesor Software
ProductName	Wave Browser
ProductVersion	1.1.0.7
FileDescription	Installer of Wave Browser
OriginalFilename	Wave Browser
Translation	0x0409 0x04e4

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 8, 2021 06:20:25.425633907 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:25.466890097 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:25.467001915 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:25.481684923 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:25.485532045 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:25.485601902 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:25.522654057 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:25.524777889 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:25.524801970 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:25.524817944 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:25.524894953 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:25.524960041 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:25.527951002 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:25.528100967 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:25.582285881 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:25.623569965 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:25.623611927 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:25.623694897 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:25.636023045 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:25.677290916 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.060815096 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.060937881 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.150247097 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.150356054 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.150382996 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.150409937 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.150433064 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.150444031 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.150461912 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.150485039 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.150542974 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.151492119 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.151519060 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.151577950 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.151627064 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.152571917 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.152673960 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.153080940 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.153110027 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.153177977 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.153204918 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.154136896 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.154171944 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.154216051 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.154313087 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.155266047 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.155278921 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.155359030 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.156393051 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.156414032 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.156472921 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.156537056 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.157486916 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.157531023 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.157566071 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.157593012 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.158577919 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.158622026 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.158660889 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.158706903 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.159715891 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.159745932 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.159787893 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.159815073 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.160756111 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.160789967 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.160927057 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.161845922 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.161875963 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.161933899 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.161988974 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.162940979 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.163012981 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.239033937 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.239068985 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.239146948 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.239176035 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.239377022 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.239398956 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.239440918 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.239470005 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.240094900 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.240128994 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.240160942 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.240205050 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.241198063 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.241235971 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.241277933 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.241323948 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.242324114 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.242357969 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.242404938 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.242433071 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.243418932 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.243452072 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.243498087 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.243527889 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.244523048 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.244559050 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.244601965 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.244694948 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.245606899 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.245640039 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.245702028 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.245724916 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.246738911 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.246773005 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.246809959 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.246855021 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.247828960 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.247862101 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.247910023 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.247940063 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.248971939 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.249002934 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.249105930 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.250057936 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.250092983 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.250114918 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.250152111 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.250188112 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.251154900 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.251194000 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.251256943 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.251271963 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:26.252239943 CEST	443	49734	143.204.209.86	192.168.2.4
May 8, 2021 06:20:26.252396107 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:44.196266890 CEST	49746	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:44.336237907 CEST	443	49746	52.72.140.231	192.168.2.4
May 8, 2021 06:20:44.336407900 CEST	49746	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:44.386034012 CEST	49746	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:44.524012089 CEST	443	49746	52.72.140.231	192.168.2.4
May 8, 2021 06:20:44.524713039 CEST	443	49746	52.72.140.231	192.168.2.4
May 8, 2021 06:20:44.524734974 CEST	443	49746	52.72.140.231	192.168.2.4
May 8, 2021 06:20:44.524750948 CEST	443	49746	52.72.140.231	192.168.2.4
May 8, 2021 06:20:44.524768114 CEST	443	49746	52.72.140.231	192.168.2.4
May 8, 2021 06:20:44.524857998 CEST	49746	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:44.524920940 CEST	49746	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:44.829844952 CEST	49746	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:44.968034983 CEST	443	49746	52.72.140.231	192.168.2.4
May 8, 2021 06:20:44.968235970 CEST	49746	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:45.011842012 CEST	49746	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:45.160260916 CEST	443	49746	52.72.140.231	192.168.2.4
May 8, 2021 06:20:45.160366058 CEST	49746	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:50.215100050 CEST	49748	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:50.353332996 CEST	443	49748	52.72.140.231	192.168.2.4
May 8, 2021 06:20:50.353710890 CEST	49748	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:50.376878977 CEST	49748	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:50.515157938 CEST	443	49748	52.72.140.231	192.168.2.4
May 8, 2021 06:20:50.515808105 CEST	443	49748	52.72.140.231	192.168.2.4
May 8, 2021 06:20:50.515826941 CEST	443	49748	52.72.140.231	192.168.2.4
May 8, 2021 06:20:50.515855074 CEST	443	49748	52.72.140.231	192.168.2.4
May 8, 2021 06:20:50.515871048 CEST	443	49748	52.72.140.231	192.168.2.4
May 8, 2021 06:20:50.515912056 CEST	49748	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:50.518703938 CEST	49748	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:50.538960934 CEST	49748	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:50.677222967 CEST	443	49748	52.72.140.231	192.168.2.4
May 8, 2021 06:20:50.677412033 CEST	49748	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:50.678536892 CEST	49748	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:50.819735050 CEST	443	49748	52.72.140.231	192.168.2.4
May 8, 2021 06:20:50.822710991 CEST	49748	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:51.750796080 CEST	49748	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:51.893476009 CEST	443	49748	52.72.140.231	192.168.2.4
May 8, 2021 06:20:51.893646002 CEST	49748	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:52.041505098 CEST	49746	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:52.185213089 CEST	443	49746	52.72.140.231	192.168.2.4
May 8, 2021 06:20:52.189524889 CEST	49746	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:55.056636095 CEST	49746	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:55.056911945 CEST	49748	443	192.168.2.4	52.72.140.231
May 8, 2021 06:20:57.813425064 CEST	49734	443	192.168.2.4	143.204.209.86
May 8, 2021 06:20:59.119790077 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.171958923 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:20:59.172046900 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.172751904 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.224925995 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:20:59.245749950 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:20:59.245780945 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:20:59.245805979 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:20:59.245830059 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:20:59.245846033 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:20:59.245852947 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.245887041 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.286834955 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.667382956 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.667665958 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.667830944 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.720443964 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:20:59.720686913 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:20:59.720781088 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.721015930 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.721223116 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:20:59.721257925 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:20:59.721288919 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.721302032 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:20:59.721316099 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.722112894 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:20:59.776645899 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:21:01.079336882 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:01.217220068 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:01.219587088 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:01.220216990 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:01.358016014 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:01.358688116 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:01.358724117 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:01.358748913 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:01.358772039 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:01.358913898 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:01.643671989 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:01.643971920 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:01.644181967 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:01.781665087 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:01.781704903 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:01.781723976 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:01.781817913 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:01.782413960 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:01.785948038 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:01.785978079 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:01.786034107 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:01.961476088 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:03.081919909 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.083338022 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.130346060 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.130471945 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.132230043 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.132652044 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.352047920 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.352775097 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.400527000 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.401082039 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.408620119 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.408648014 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.408677101 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.408695936 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.408735037 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.408751011 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.409194946 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.409226894 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.409251928 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.409269094 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.409302950 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.409332991 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.871345043 CEST	49755	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.914357901 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:03.914802074 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:03.915787935 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:03.917360067 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:03.917450905 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:03.917545080 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:03.921562910 CEST	443	49755	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.921674013 CEST	49755	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.922399044 CEST	49755	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.962410927 CEST	49756	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.973887920 CEST	443	49755	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.981519938 CEST	443	49755	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.981574059 CEST	443	49755	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.981610060 CEST	443	49755	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.981627941 CEST	49755	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.981653929 CEST	443	49755	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.981703043 CEST	49755	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.012761116 CEST	443	49756	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.012852907 CEST	49756	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.013478041 CEST	49756	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.054013968 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.054881096 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.055241108 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.056282043 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.056302071 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.056360006 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.057425976 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.057457924 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.057571888 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:04.057908058 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.057924986 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.058007956 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:04.059067011 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.059079885 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.059143066 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:04.061099052 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.061115980 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.061184883 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:04.061882973 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.061897039 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.061980963 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:04.063688993 CEST	443	49756	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.071410894 CEST	443	49756	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.071435928 CEST	443	49756	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.071448088 CEST	443	49756	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.071461916 CEST	443	49756	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.071527004 CEST	49756	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.071567059 CEST	49756	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.189030886 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:04.195759058 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.331604958 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.331908941 CEST	49756	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.332243919 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.332268953 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:04.332307100 CEST	49756	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.332377911 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:04.332595110 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.332894087 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.332906961 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.336867094 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.337083101 CEST	49755	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.337832928 CEST	49755	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.338129044 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.338323116 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.338414907 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.380755901 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.380811930 CEST	443	49756	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.380840063 CEST	443	49756	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.380856037 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.380898952 CEST	49756	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.380939007 CEST	49756	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.380976915 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.381031990 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.381472111 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.381941080 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.382936001 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.382967949 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.382987976 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.383003950 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.383019924 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.383039951 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.383045912 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.383089066 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.383094072 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.384008884 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.385641098 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.385672092 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.386320114 CEST	443	49755	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.386344910 CEST	443	49755	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.386420012 CEST	49755	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.386470079 CEST	49755	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.386889935 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.386917114 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.386966944 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.387005091 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.388050079 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.388055086 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.388070107 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.388079882 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.388160944 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.388170958 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.388231039 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.388292074 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.388971090 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.390971899 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.431427002 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.435010910 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.440016031 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.469422102 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.418905020 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.419028044 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.469202042 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.473093033 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.473119974 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.473210096 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.473741055 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.473758936 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.473872900 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.476457119 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.478948116 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.479829073 CEST	49758	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.484740019 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.484781981 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.484824896 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.484849930 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.485373020 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.489712954 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:21:07.533643007 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.544034004 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:21:07.544195890 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:21:07.544282913 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:21:07.545617104 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:21:07.546056986 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:21:07.569662094 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.605654001 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:21:07.611468077 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.611648083 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.612760067 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.614674091 CEST	443	49758	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.614825964 CEST	49758	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.615803957 CEST	49758	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.746227980 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.747153044 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.747175932 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.747194052 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.747210026 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.747265100 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.747355938 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.749226093 CEST	443	49758	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.750080109 CEST	443	49758	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.750097990 CEST	443	49758	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.750109911 CEST	443	49758	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.750127077 CEST	443	49758	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.750224113 CEST	49758	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.750303030 CEST	49758	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.863415956 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.865151882 CEST	49758	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.865829945 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.865876913 CEST	49758	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.866532087 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.997143984 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.997175932 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.997665882 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.997978926 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.998771906 CEST	443	49758	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.998797894 CEST	443	49758	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.998977900 CEST	49758	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.998991966 CEST	49758	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:07.999398947 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.999480963 CEST	443	49758	34.198.81.120	192.168.2.4
May 8, 2021 06:21:07.999695063 CEST	49758	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.018212080 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.018239021 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.018260956 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.018281937 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.018300056 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.018317938 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.018315077 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.018335104 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.018367052 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.018542051 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.128010988 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.133511066 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.133550882 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.133574009 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.133596897 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.133706093 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.133739948 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.138061047 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.139890909 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.141968966 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.153410912 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153525114 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.153672934 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153700113 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153723001 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153748035 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153772116 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153793097 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153800964 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.153816938 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153821945 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.153840065 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153845072 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.153863907 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153884888 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153893948 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.153901100 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.153908014 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153934002 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153937101 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.153959990 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153984070 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.153989077 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.153995037 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.154007912 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.154012918 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.154042959 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.154148102 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.168040037 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.173441887 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.187110901 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.188769102 CEST	49760	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.191261053 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.193010092 CEST	49762	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.236000061 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.236829042 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.236884117 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.238127947 CEST	443	49762	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.238315105 CEST	49762	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.239114046 CEST	49762	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.241197109 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.241430998 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.242369890 CEST	443	49760	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.242383957 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.244209051 CEST	49760	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.244232893 CEST	49760	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.247437954 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.267093897 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.267137051 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.267162085 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.267185926 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.267210007 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.267234087 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.267257929 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.267272949 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.267278910 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.267307997 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.267405987 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.273324966 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.280450106 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.282516956 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.282550097 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.282573938 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.282594919 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.282610893 CEST	443	49762	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.282648087 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.282711029 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.284518957 CEST	443	49762	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.284554005 CEST	443	49762	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.284580946 CEST	443	49762	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.284604073 CEST	443	49762	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.284667015 CEST	49762	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.284764051 CEST	49762	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.287002087 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287039995 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287219048 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287242889 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287247896 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287267923 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287292957 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287293911 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287316084 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287338972 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287339926 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287342072 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287367105 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287391901 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287415981 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287436008 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287439108 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287440062 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287462950 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287467003 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287487030 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287489891 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287511110 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287511110 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287534952 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287535906 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287559986 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287561893 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287586927 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287587881 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287611008 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287632942 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287633896 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287640095 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287658930 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287659883 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287683010 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287683964 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287705898 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287707090 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287731886 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287753105 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287758112 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287781954 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287782907 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287806988 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287807941 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287827969 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287830114 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287849903 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287852049 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287873030 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287873030 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287899017 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287923098 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.287945986 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287971020 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.287974119 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.294320107 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.295850039 CEST	443	49760	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.299544096 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.299981117 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.300743103 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.308268070 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.312232018 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.313065052 CEST	49762	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.313098907 CEST	49762	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.313558102 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.313816071 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.313961983 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.315486908 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.315534115 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.315561056 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.316220045 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.316730976 CEST	443	49760	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.316776991 CEST	443	49760	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.316803932 CEST	443	49760	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.317013025 CEST	49760	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.336747885 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.344938040 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.347285032 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.349858999 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.352530956 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.352699995 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.356075048 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.356717110 CEST	443	49762	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.356744051 CEST	443	49762	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.356770992 CEST	443	49762	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.356849909 CEST	49762	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.356884003 CEST	49762	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.357048035 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.357076883 CEST	49762	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.357367039 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.357415915 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.357654095 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.357681036 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.357702971 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.357724905 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.357724905 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.357758999 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.357758045 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.357789040 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.357814074 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.357824087 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.357827902 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.357841015 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.357844114 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.357870102 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.358995914 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.359308004 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.359338999 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.359596014 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.361092091 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.361151934 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.361169100 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.361341953 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.362742901 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.362801075 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.362838030 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.362958908 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.364387989 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.364428043 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.364496946 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.365171909 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.366061926 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.366107941 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.366173983 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.366190910 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.367743015 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.367784977 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.369405031 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.369421959 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.369467974 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.369504929 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.369873047 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.371083021 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.371119022 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.371144056 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.371165991 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.371176004 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.371197939 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.371330976 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.372714996 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.372740030 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.372826099 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.388187885 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.388278008 CEST	49760	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.388992071 CEST	49760	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.389013052 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.389019966 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.389411926 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.389487982 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.400816917 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.400842905 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.400856972 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.400868893 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.400888920 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.400904894 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.400923967 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.400928974 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.400943041 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.400958061 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.400960922 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.400964022 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.400975943 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.400989056 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.401000977 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.401010036 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.401026011 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.401030064 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.401043892 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.401046991 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.401065111 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.401077032 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.401084900 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.401087999 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.401139975 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.401144981 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.402920008 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.402940035 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.402959108 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.402975082 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.402992010 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.403003931 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.403017998 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.403017998 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.403029919 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.403043032 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.403059959 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.403076887 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.403091908 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.403107882 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.403117895 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.403124094 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.403142929 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.403143883 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.403163910 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.403177023 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.403196096 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.403263092 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.404448032 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.404467106 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.404771090 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.405744076 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.405766010 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.405901909 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.406939030 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.406965971 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.408159971 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.408184052 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.409291983 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.409311056 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.409367085 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.410422087 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.410439014 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.410480022 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.411334991 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.411488056 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.411509037 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.411750078 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.412545919 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.412586927 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.412604094 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.412626982 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.412666082 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.412728071 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.413636923 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.413654089 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.413747072 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.414695978 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.414715052 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.415728092 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.415746927 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.416237116 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.416702986 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.416723013 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.417639017 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.417655945 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.417701006 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.417995930 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.418517113 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.418534040 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.419445992 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.419464111 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.419518948 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.419802904 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.420326948 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.420342922 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.420695066 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.420697927 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.421247959 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.421271086 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.421292067 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421313047 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421333075 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421353102 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421365023 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421370029 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.421375036 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421408892 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421410084 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421432018 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421442032 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421457052 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421458006 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421479940 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421483994 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421502113 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421523094 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421528101 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421544075 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421547890 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421566010 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421574116 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421586990 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421607018 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421612024 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421629906 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421633005 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421657085 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421665907 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421678066 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421698093 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421700954 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421720028 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421725035 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421740055 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421761036 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421765089 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421791077 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421794891 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421811104 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421832085 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421835899 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421852112 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421861887 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421878099 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421879053 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421884060 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421900988 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421905994 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421921968 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421930075 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421942949 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421962976 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.421971083 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.421983957 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.422009945 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.422936916 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.440156937 CEST	443	49760	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.440428019 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.440576077 CEST	443	49760	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.440622091 CEST	49760	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.440738916 CEST	49760	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.440872908 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.441442966 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.441456079 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.441457987 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.446677923 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.446722031 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.447041988 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.447082043 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.447104931 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.447118044 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.447149038 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.447154999 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.447285891 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.447746038 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.447784901 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.448029041 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.448483944 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.448523045 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.449163914 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.449203968 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.449206114 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.449243069 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.449271917 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.450145006 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.450186968 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.450231075 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.450273037 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.450462103 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.452898026 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.452944040 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.452975035 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.453084946 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.453989983 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.454046965 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.454092979 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.454143047 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.454174042 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.455178022 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.455214024 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.455245972 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.455975056 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.455976963 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.456099033 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.456149101 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.456197023 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.456228971 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.456464052 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.456722975 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.456724882 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.457159996 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.457196951 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.457230091 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.458214045 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.459724903 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.459765911 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.459796906 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.459878922 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.459907055 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.461210966 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.461251020 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.461280107 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.461307049 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.461332083 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.461379051 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.461858034 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.462378025 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.462970018 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.463004112 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.463032007 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.463043928 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.463059902 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.463098049 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.463179111 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.463668108 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.463706970 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.464135885 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.464181900 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.464221001 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.464255095 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.464258909 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.464287996 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.464327097 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.464327097 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.464814901 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.464899063 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.464915991 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.465403080 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.465454102 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.465492010 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.465553999 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.468097925 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:08.485872984 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.490629911 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.490681887 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.490734100 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.490863085 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.490897894 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.490926981 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.490936041 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.490959883 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.490989923 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.492707968 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.492742062 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.492768049 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.492785931 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.492816925 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.492850065 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.493699074 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.493737936 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.493757963 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.493776083 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.494185925 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.494218111 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.494240999 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.494250059 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.494286060 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.495539904 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.497627974 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.497664928 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.497689962 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.497714043 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.497770071 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.498519897 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.498826981 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.499459982 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.499496937 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.499521017 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.499546051 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.499583006 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.499700069 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.500174046 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.500201941 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.500225067 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.500245094 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.500260115 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.500464916 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.503338099 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.503362894 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.503379107 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.503391027 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.503662109 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.503703117 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.503720045 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.503735065 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.503817081 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.504837036 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.504867077 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.504893064 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.504914045 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.504967928 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.505765915 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.506494045 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.506525040 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.506550074 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.506573915 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.506603956 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.507002115 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.507800102 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.507822037 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.507834911 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.507847071 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.507895947 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.508012056 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.508049965 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.508322954 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.508594036 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.510478973 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.510514975 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.510534048 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.514314890 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.520087004 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:08.528892994 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.528922081 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.529138088 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.531898975 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.532042980 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.532372952 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.532917023 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.533960104 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.533992052 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.534008026 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.534073114 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.534174919 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.534200907 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.534224987 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.534250021 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.534280062 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.534418106 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534444094 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534462929 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.534466028 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534492016 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534507036 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.534514904 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534539938 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534564972 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534595013 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534605980 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.534621954 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534646988 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534672976 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534676075 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.534698963 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534703016 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.534724951 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534746885 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534768105 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534778118 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.534792900 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.534817934 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.534825087 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.534843922 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.534848928 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.534868956 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.534897089 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.534919024 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.534934044 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.534985065 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.535381079 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.536257982 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.536288023 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.536379099 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.536406040 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.536416054 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.536432028 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.536456108 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.536551952 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.536819935 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.536864996 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.537843943 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.537869930 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.537887096 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.537904024 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.537919998 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.537925959 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.537931919 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.537957907 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.538295031 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.538955927 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.538973093 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.538990974 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.539026022 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.539092064 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.539855957 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.539885998 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.540290117 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.542234898 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.542280912 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.542300940 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.542320013 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.542388916 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.542531013 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.542985916 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.543018103 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.543040037 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.543066025 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.543128014 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.543144941 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.543546915 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.543579102 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.543634892 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.543657064 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.543692112 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.543701887 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.543711901 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.544533968 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.544567108 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.544584036 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.544589043 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.544611931 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.544676065 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.544688940 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.545418978 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.545466900 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.545864105 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.545874119 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.545901060 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.545927048 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.545949936 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.545967102 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.546411037 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.546721935 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.546756029 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.546772957 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.546789885 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.546875000 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.547573090 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.547610998 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.547631979 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.547653913 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.547665119 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.547712088 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.548459053 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.548480034 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.548496008 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.548511982 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.548566103 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.549252987 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.549284935 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.549305916 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.549331903 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.549380064 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.549470901 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.550021887 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.550051928 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.550074100 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.550101042 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.550144911 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.550781012 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.550802946 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.550825119 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.550837040 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.550843000 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.550860882 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.550873995 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.551177025 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.551754951 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.551781893 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.551801920 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.551831007 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.551855087 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.551872015 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.551933050 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.551944971 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.552710056 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.552741051 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.552766085 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.552782059 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.552797079 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.553634882 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.553637981 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.553661108 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.553678036 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.553700924 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.553720951 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.553733110 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.553744078 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.554207087 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.554564953 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.554596901 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.554619074 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.554641008 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.554678917 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.554735899 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.555314064 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555346012 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555372953 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.555399895 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.555424929 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.555438995 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.555447102 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.555473089 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555490971 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.555497885 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555522919 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.555532932 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.555547953 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555569887 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555578947 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.555593967 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555618048 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555625916 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.555632114 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555655003 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555676937 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555685997 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.555699110 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555720091 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555741072 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555749893 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.555767059 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555775881 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.555793047 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555809021 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.555819035 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555841923 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555861950 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555876017 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.555883884 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555900097 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.555907011 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555928946 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555953026 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555953979 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.555979967 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.555983067 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.556001902 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.556025982 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.556030035 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.556049109 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.556071043 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.556080103 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.556092978 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.556114912 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.556132078 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.556140900 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.556168079 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.556210995 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.556236029 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.556257010 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.556276083 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.556279898 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.556301117 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.556318998 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.556325912 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.556350946 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.556404114 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.556411028 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.557190895 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.557220936 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.557248116 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.557271957 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.557286024 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.557297945 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.557377100 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.558067083 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.558094978 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.558115959 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.558137894 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.558161020 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.558264017 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.558283091 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.558285952 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.572324991 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.572351933 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.572362900 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.573151112 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.579324961 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.579493046 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.579519987 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.579541922 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.580070972 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.580519915 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.580560923 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.580821991 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.580840111 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.580857992 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.580869913 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.580872059 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.580882072 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.580894947 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.580923080 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.581002951 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.581516027 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.581538916 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.581965923 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.582108021 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.582129955 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.582146883 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.582161903 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.582179070 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.582210064 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.582238913 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.582297087 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.582464933 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.582482100 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.583239079 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.583256960 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.583272934 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.583281994 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.583288908 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.583304882 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.583323956 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.583333969 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.583349943 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.583379030 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.583395958 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.583410025 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.583431005 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.583489895 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.584435940 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.586287022 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.586304903 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.586632967 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.588107109 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.588126898 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.588145018 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.588164091 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.588180065 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.588197947 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.588216066 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.588216066 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.588232040 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.588238001 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.588242054 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.588490009 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.589194059 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.589211941 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.589224100 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.589236975 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.589253902 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.589271069 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.589287996 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.589313984 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.589695930 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:08.591813087 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.591834068 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.592025042 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.595495939 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.595524073 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.595633984 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.599210978 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.599246025 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.599361897 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.602852106 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.602889061 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.602998018 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.606240988 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.606276035 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.606709957 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.609533072 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.609570980 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.609733105 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.612860918 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.612895012 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.613234043 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.616169930 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.616209984 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.616300106 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.619497061 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.619533062 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.619699955 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.620053053 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:08.622773886 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.622816086 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.622957945 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.626121044 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.626152039 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.626276970 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.629460096 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.629493952 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.629561901 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.631707907 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:08.631710052 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.638611078 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.638653040 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.639058113 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.639914989 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.639954090 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.640053988 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.642659903 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.642697096 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.642956018 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.645092964 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.645127058 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.645195961 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.647559881 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.647588968 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.647696972 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.650047064 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.650074959 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.650549889 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.652493954 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.652523994 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.652600050 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.654944897 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.654977083 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.655051947 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.657459021 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.657493114 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.657560110 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.659863949 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.659897089 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.660001040 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.662355900 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.662386894 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.662549019 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.664787054 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.664818048 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.665008068 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.667254925 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.667287111 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.667671919 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.669713020 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.669722080 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:08.669742107 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.669806957 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.670413017 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670443058 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670468092 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670490980 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670512915 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670535088 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670547009 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.670557976 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670582056 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670583010 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.670603991 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670629978 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670631886 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.670654058 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670654058 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.670677900 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670677900 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.670701027 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670725107 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.670725107 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670748949 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670772076 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.670773029 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.670912981 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.672164917 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.672197104 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.672342062 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.674622059 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.674654961 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.676928043 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.677037001 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.677057981 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.677144051 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.679475069 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.679502010 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.680917025 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.681926012 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.681948900 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.682039976 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.684171915 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.684199095 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.684760094 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.686404943 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.686440945 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.686930895 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.688560963 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.688597918 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.688699007 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.689449072 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689486980 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689555883 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689568043 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.689579010 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689600945 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689625978 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689627886 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.689649105 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689671040 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689692974 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689702988 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.689716101 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689719915 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.689739943 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689762115 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689766884 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.689785004 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689810038 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689831972 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689845085 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.689853907 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689876080 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689888954 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.689892054 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689917088 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689918995 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.689940929 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.689944029 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.690005064 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.690028906 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.690032005 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.690052032 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.690073967 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.690079927 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.690097094 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.690121889 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.690123081 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.690145016 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.690165997 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.690187931 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.690191031 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.690212011 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.690237999 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.690694094 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.690726995 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.690742016 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.692101955 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.692837954 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.692869902 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.694727898 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.694971085 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.695002079 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.695132971 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.696300030 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.696342945 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.696465969 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.700064898 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.700099945 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.700122118 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.700140953 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.700162888 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.700186014 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.700244904 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.700465918 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.702507973 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.702544928 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.702629089 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.704526901 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.704564095 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.704802036 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.707140923 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.707176924 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.707274914 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.709515095 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.709549904 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.710272074 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.711949110 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.711982965 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.712251902 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.714442968 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.714479923 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.714824915 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.716964006 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.717000008 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.717154026 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.717452049 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.718405962 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:08.765191078 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.765235901 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.765367985 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.775533915 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:08.804143906 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804183960 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804207087 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804230928 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804253101 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804275990 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804301977 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804299116 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.804325104 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804349899 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804369926 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804393053 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804415941 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804421902 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.804440022 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804464102 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804488897 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804512024 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.804521084 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.804539919 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.804600954 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.825505018 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825536966 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825560093 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825583935 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825606108 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825628042 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825651884 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825674057 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825699091 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825722933 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825743914 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825752974 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.825766087 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825783968 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.825788975 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825812101 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825828075 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825845003 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825860977 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825879097 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825896978 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825901985 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.825921059 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825942039 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825963974 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825982094 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.825988054 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826004982 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826030016 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826040030 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826051950 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826072931 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826106071 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826111078 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826117992 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826128006 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826152086 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826173067 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826178074 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826194048 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826215029 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826220036 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826241016 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826244116 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826267004 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826287985 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826308966 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826332092 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826334953 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826353073 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826374054 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826383114 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826395988 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826401949 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826421976 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826445103 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826450109 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826467037 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826471090 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826489925 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826512098 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826534033 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826545000 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826558113 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826572895 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826579094 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826605082 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826628923 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826630116 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826653004 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826673985 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826677084 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826700926 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826704025 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826723099 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826745987 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826750040 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826766968 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826790094 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826807022 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826813936 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826833963 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826854944 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826874018 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826874018 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826896906 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826905966 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826919079 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826931000 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.826939106 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826962948 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.826987982 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827006102 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827009916 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.827027082 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827047110 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827058077 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.827069998 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827091932 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827101946 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.827112913 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827126026 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.827138901 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827162027 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827166080 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.827183008 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827194929 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.827204943 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827227116 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827248096 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827261925 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.827270985 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827291965 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827292919 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.827316046 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.827351093 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.827402115 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.898886919 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.898924112 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.899297953 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.937988043 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938035965 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938057899 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938081980 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938103914 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938126087 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938149929 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938160896 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.938174009 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938194036 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.938199043 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.938203096 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938229084 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938251972 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938262939 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.938277006 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938286066 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.938301086 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938323975 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938332081 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.938348055 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938370943 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.938380003 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.938489914 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.960760117 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.960803986 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.960829020 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.960853100 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.960870028 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.960891962 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.960916042 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.960936069 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.960954905 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.960973978 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.960973978 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.960995913 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.961016893 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.961038113 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.961049080 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.961057901 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.961067915 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.961081982 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.961098909 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:08.961122990 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:08.961189985 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:09.601597071 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:10.941145897 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:10.984656096 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:10.984852076 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:10.989550114 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:11.032979012 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:11.049894094 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:11.049933910 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:11.049953938 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:11.050111055 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:11.090054989 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:11.134654045 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:11.177855015 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:14.260634899 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.312484980 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.313198090 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.314831972 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.367023945 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.387902021 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.387943983 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.387963057 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.390747070 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.446271896 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.446320057 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.446727991 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.498871088 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.499171019 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.500165939 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.500200987 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.500226021 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.500250101 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.500273943 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.500297070 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.501419067 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.501436949 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.501441956 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.501444101 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.502701044 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.503856897 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.503890038 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.504893064 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.507572889 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.507626057 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.508313894 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.511318922 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.511642933 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.554622889 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.554661989 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.554749012 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.554877043 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.556410074 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.556443930 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.556556940 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.560076952 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.560113907 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.560251951 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.560372114 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.563779116 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.563817024 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.563981056 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.567445993 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.567482948 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.568073034 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.571006060 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.571039915 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.571271896 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.574598074 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.574632883 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.575371981 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.578087091 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.578119040 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.578526974 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.581665993 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.581698895 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.581964016 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.585315943 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.585355043 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.586760044 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.588738918 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.588776112 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.589606047 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.592297077 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.594022036 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.594058990 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.594599009 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.606621027 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.606656075 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.608124971 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.608134985 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.608160973 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.611216068 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.611253023 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.611306906 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.611692905 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.613828897 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.613856077 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.614139080 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.616517067 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.616549015 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.617305040 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.619194984 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.619226933 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.620018959 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.621877909 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.621907949 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.622975111 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.624610901 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.624638081 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.625432968 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.627222061 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.627257109 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.629415035 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.629858017 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.629914045 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.630319118 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.632623911 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.632651091 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.634160995 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.635267019 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.635294914 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.636698961 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.637953043 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.637976885 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.638528109 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.640650988 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.640671968 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:14.641443968 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.643304110 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:14.700443983 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:21:17.657984018 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.660660982 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.711395979 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.735547066 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.735575914 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.735590935 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.735629082 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.735918999 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.735934019 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.735976934 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.736342907 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.736366987 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.736397982 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.737116098 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.737139940 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.737174034 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.737864971 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.737886906 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.737927914 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.738627911 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.738643885 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.738692999 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.739211082 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.739238024 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.739279985 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.739960909 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.739990950 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.740031958 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.740711927 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.740732908 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.740777969 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.741488934 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.741508007 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.742244005 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.742274046 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.743011951 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.743022919 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.743041039 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.743793964 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.743809938 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.743828058 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.744395971 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.744527102 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.744544029 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.744784117 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.745320082 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.745379925 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.745412111 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.746104002 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.746129990 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.746164083 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.746819019 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.746864080 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.746890068 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.747598886 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.747625113 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.747648954 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.748362064 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.748382092 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.748977900 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.749119043 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.749147892 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.749882936 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.749900103 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.749912977 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.750464916 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.750639915 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.750658035 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.751096010 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.751430988 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.751462936 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.751753092 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.752177954 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.752197027 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.752324104 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.752965927 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.752983093 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:17.753334999 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:17.795682907 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795723915 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795743942 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795780897 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795797110 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795814037 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795829058 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795845032 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795860052 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795860052 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.795898914 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795901060 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.795933008 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795948029 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795959949 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.795958996 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.795983076 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796003103 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796020031 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796044111 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796061039 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796067953 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796076059 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796108007 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796139002 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796152115 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796154976 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796190977 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796210051 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796212912 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796226025 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796241999 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796268940 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796303034 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796303988 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796322107 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796348095 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796365976 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796385050 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796387911 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796401978 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796427011 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796449900 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796462059 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796466112 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796483994 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796503067 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796525002 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796528101 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796545029 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796554089 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796572924 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796597958 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796601057 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796618938 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796643972 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796647072 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796659946 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796683073 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796694040 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796700001 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796719074 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796720982 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796745062 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796758890 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796761036 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796786070 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796802998 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796817064 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796837091 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796852112 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796863079 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796880007 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796885014 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796907902 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796947002 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.796953917 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796977997 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.796991110 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797000885 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797022104 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797032118 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797044992 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797065020 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797075033 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797090054 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797115088 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797136068 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797146082 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797157049 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797178030 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797179937 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797202110 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797224998 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797250032 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797255993 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797276020 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797297955 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797317028 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797327042 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797338009 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797362089 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797363997 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797404051 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797430038 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797436953 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797454119 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797461033 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797473907 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797485113 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797498941 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797522068 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797537088 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797544003 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797568083 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797589064 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797594070 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797611952 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797632933 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797637939 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797655106 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797679901 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797683954 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797703028 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797707081 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797724009 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797744989 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797766924 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797787905 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797810078 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797815084 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797832012 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797844887 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797858000 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797882080 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797904015 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797924995 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797925949 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797949076 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797950983 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.797972918 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.797974110 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.798002005 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798024893 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798049927 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798074961 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798096895 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798101902 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.798120975 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798142910 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798162937 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798173904 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.798180103 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.798445940 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.798523903 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798542023 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798557997 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798573017 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798592091 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798609972 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798624992 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798640013 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798643112 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.798655987 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798686028 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798693895 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.798703909 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798719883 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798741102 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798754930 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.798758984 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798774958 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798784971 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.798791885 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798809052 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:17.798818111 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.798835993 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.840986967 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.933021069 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:17.947514057 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:21:18.005491018 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:21:24.486299992 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:21:24.538289070 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:21:24.538553953 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:21:24.539729118 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:21:24.592464924 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:21:24.613257885 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:21:24.613296032 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:21:24.613404989 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:21:24.657556057 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:21:24.658050060 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:21:24.658273935 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:21:24.710000038 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:21:24.710031033 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:21:24.710045099 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:21:24.710119963 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:21:24.710863113 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:21:24.710921049 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:21:24.710943937 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:21:24.710954905 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:21:24.711025000 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:21:24.711077929 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:21:24.712428093 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:21:24.764394999 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:21:40.232188940 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:40.232362032 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:40.365765095 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:40.365818977 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:40.367121935 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:40.367156982 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:40.367177963 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:40.367217064 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:40.367271900 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.203799009 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.204184055 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.204361916 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.247204065 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.247420073 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.248783112 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.248807907 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.248823881 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.248841047 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.248859882 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.248878002 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.248917103 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.248955965 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.251930952 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.251956940 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.252116919 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.254957914 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.254987001 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.255099058 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.258001089 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.258037090 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.258093119 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.261085033 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.261267900 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.269648075 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:42.292172909 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.292201996 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.292354107 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.293631077 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.293657064 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.293780088 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.296679020 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.296704054 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.296796083 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.299741983 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.299767971 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.299902916 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.302851915 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.302881002 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.302951097 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.305911064 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.305933952 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.306165934 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.308917999 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.308940887 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.309092999 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.311968088 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.312000036 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.312083960 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.314831018 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.314852953 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.314975977 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.317697048 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.317720890 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.317828894 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.320597887 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.320622921 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.320688963 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.321465969 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.321620941 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:42.323415995 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.324834108 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.324853897 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.324942112 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.327735901 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.327755928 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.327893019 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.335582018 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.335614920 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.335747004 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.336632013 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.336649895 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.336738110 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.338887930 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.338910103 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.338965893 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.339471102 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:42.340924978 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.340950012 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.341023922 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.343002081 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.343020916 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.343110085 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.345001936 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.345032930 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.345127106 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.347024918 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.347054958 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.347120047 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.349051952 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.349073887 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.349122047 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.351108074 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.351135969 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.351272106 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.353116035 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.353136063 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.353306055 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.355165005 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.355187893 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.355792046 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.357204914 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.357244968 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.357453108 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.359235048 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.359267950 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.359649897 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.361264944 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.361294031 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.361654997 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.363308907 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.363331079 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.363383055 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.365319967 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.365336895 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.365398884 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.367347956 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.367366076 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.367418051 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.369406939 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.369426966 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.369498968 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.371421099 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.371449947 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.371515989 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.373444080 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.373469114 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.373547077 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.373946905 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:21:42.393093109 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.413893938 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.413927078 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.413940907 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.414012909 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:42.422333002 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:21:42.461178064 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:42.461584091 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:42.461869001 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:42.513422012 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.513453007 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.513603926 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:42.517333031 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.529522896 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:42.544917107 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.544945955 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.544959068 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.544970036 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.545061111 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:42.546628952 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:42.563204050 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:42.576462984 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.585251093 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:21:42.586250067 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.597971916 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:21:42.633647919 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:42.633752108 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:21:42.634470940 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:21:42.682981968 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:42.690012932 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:42.690048933 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:42.690068007 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:42.690169096 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:21:42.700618982 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:21:42.700712919 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:42.701535940 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:42.710912943 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.710946083 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.710958004 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.710973978 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.710993052 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711009979 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711025000 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711040974 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711057901 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711070061 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.711074114 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711091042 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711098909 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.711107969 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711127043 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711128950 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.711146116 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711160898 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.711162090 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711179972 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711184025 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.711195946 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711211920 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711225033 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.711226940 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711244106 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711261988 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.711262941 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711282015 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711288929 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.711297989 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711313963 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711323977 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.711328983 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711340904 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:21:42.711364031 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.711386919 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:21:42.838907957 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:21:42.839606047 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:21:42.839637995 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:21:42.839656115 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:21:42.839672089 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:21:42.839685917 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:42.839710951 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:43.072491884 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:21:43.074733973 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:21:43.076430082 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:21:43.121217012 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:43.121948004 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:21:43.123223066 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:43.129705906 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:43.135309935 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:43.135333061 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:43.135340929 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:43.135370970 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:43.135473013 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:21:43.139004946 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:21:43.177680969 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:43.177927971 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:43.178595066 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:43.179085016 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:43.189754009 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:21:43.318103075 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:21:43.318120956 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:21:43.318300962 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:43.318485022 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:21:43.319268942 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:43.322998047 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:21:43.323016882 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:21:43.323146105 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:43.501010895 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:21:49.463565111 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:21:49.542177916 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:49.595756054 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:49.603749990 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:21:52.667591095 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:21:52.667594910 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:52.719851017 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:21:52.719881058 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:21:53.544817924 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:21:53.598118067 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:21:53.674062014 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:21:53.717639923 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:21:53.743839979 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:21:53.784517050 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:21:57.074832916 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:21:57.211863995 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:21:57.212707043 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:21:57.213826895 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:21:57.350792885 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:21:57.351460934 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:21:57.351485014 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:21:57.351505995 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:21:57.351526022 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:21:57.351579905 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:21:57.438735962 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:21:57.439127922 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:21:57.439394951 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:21:57.575877905 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:21:57.575896025 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:21:57.575972080 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:21:57.576173067 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:21:57.579677105 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:21:57.579694033 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:21:57.579854012 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:21:57.738223076 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:21:57.918225050 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:21:58.018037081 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:58.018331051 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:58.067611933 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:58.067641973 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:58.067656994 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:58.068875074 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:58.068897963 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:58.069161892 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:58.069540977 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:58.069577932 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:58.069622040 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:58.072002888 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:21:58.072451115 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:58.123903036 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:58.124064922 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:21:58.124742985 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:21:58.126091003 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:21:58.176537991 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:58.197108984 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:58.197141886 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:58.197166920 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:58.197205067 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:21:58.235625982 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:21:58.235989094 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:21:58.236216068 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:21:58.287902117 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:58.287940979 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:58.288100958 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:21:58.288750887 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:21:58.293495893 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:58.320035934 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:58.320067883 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:58.320082903 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:58.320168018 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:21:58.325464964 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:21:58.345485926 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:58.377749920 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:21:59.772156954 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:21:59.823981047 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:22:03.135430098 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:22:03.187503099 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:22:04.331743956 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:22:04.331774950 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:22:04.331789970 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:22:04.331924915 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:22:04.333375931 CEST	49752	443	192.168.2.4	34.198.11.52
May 8, 2021 06:22:04.411766052 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.463792086 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.465039968 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.466006041 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.471311092 CEST	443	49752	34.198.11.52	192.168.2.4
May 8, 2021 06:22:04.517911911 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.538686991 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.538747072 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.538775921 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.540894032 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.567940950 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.567977905 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.568361998 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.568377018 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.622514963 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.622538090 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.622903109 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.623570919 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.624943972 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.656182051 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.657027006 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.657835007 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.657860041 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.657874107 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.657881975 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.657933950 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.658013105 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.658025980 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.660945892 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:04.681729078 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:04.712706089 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:07.130100965 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:22:07.269223928 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:22:07.273191929 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:22:07.273216963 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:22:07.273703098 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:22:09.871089935 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:22:09.923166037 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:22:27.435442924 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:22:27.478820086 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:22:27.717470884 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:22:27.760847092 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:22:27.812355042 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:22:27.852792978 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:22:28.201468945 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:22:28.251856089 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:22:28.514524937 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:22:28.652054071 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:22:37.839544058 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:22:37.839544058 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:22:37.889642954 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:22:37.893559933 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:22:38.717894077 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:22:38.764182091 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:22:38.769995928 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:22:38.808901072 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:22:38.826301098 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:22:38.867153883 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:22:42.710936069 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:22:42.710961103 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:22:42.711106062 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:22:42.711528063 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:22:42.712147951 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:22:42.712268114 CEST	49757	443	192.168.2.4	34.198.81.120
May 8, 2021 06:22:42.845519066 CEST	443	49757	34.198.81.120	192.168.2.4
May 8, 2021 06:22:43.140702963 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:22:43.189532042 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:22:43.323996067 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:22:43.324038029 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:22:43.324147940 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:22:43.324662924 CEST	49776	443	192.168.2.4	34.198.11.52
May 8, 2021 06:22:43.385590076 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:43.438005924 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:22:43.462277889 CEST	443	49776	34.198.11.52	192.168.2.4
May 8, 2021 06:22:44.842952013 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:22:44.896127939 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:22:48.191812038 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:22:48.243875027 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:22:49.718971968 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:49.770731926 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:22:52.281471968 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:22:52.418514967 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:22:54.937254906 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:22:54.991549015 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:23:07.271536112 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:23:07.271552086 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:23:07.271562099 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:23:07.271642923 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:23:07.272038937 CEST	49778	443	192.168.2.4	52.72.140.231
May 8, 2021 06:23:07.408893108 CEST	443	49778	52.72.140.231	192.168.2.4
May 8, 2021 06:23:07.739505053 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:07.828176975 CEST	49799	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:07.875144005 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:07.875247002 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:07.876271009 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:07.961637974 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:23:07.961803913 CEST	49799	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:07.962462902 CEST	49799	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:08.009587049 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.010350943 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.010380030 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.010405064 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.010430098 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.010471106 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:08.010483027 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:08.011929989 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:08.012713909 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:08.012723923 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:08.095717907 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.096447945 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.096484900 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.096509933 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.096529007 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.096596003 CEST	49799	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:08.097978115 CEST	49799	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:08.145486116 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.145519972 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.145659924 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:08.145991087 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.146049023 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.146219015 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:08.149732113 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.149755955 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.153641939 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:08.232788086 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.232805967 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:23:08.232877970 CEST	49799	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:08.321513891 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:12.486459970 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:23:12.529800892 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:23:12.829092026 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:23:12.880651951 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:23:13.267043114 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:23:13.315412045 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:23:22.908741951 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:23:22.909995079 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:23:22.959661961 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:23:22.961724043 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:23:23.784521103 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:23:23.815824032 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:23:23.836563110 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:23:23.859432936 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:23:23.878228903 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:23:23.919035912 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:23:28.206110954 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:23:28.255661964 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:23:28.456125021 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:28.508404970 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:23:29.909590960 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:23:29.962796926 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:23:33.247576952 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:23:33.299742937 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:23:34.784393072 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:34.836318016 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:23:40.004302979 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:23:40.056372881 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:23:53.239407063 CEST	49799	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:53.333410025 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:23:53.372575045 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:23:53.466806889 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:23:57.536598921 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:23:57.582619905 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:23:57.895672083 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:23:57.949526072 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:23:58.333312035 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:23:58.381875992 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:24:07.975663900 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:24:07.976516008 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:24:08.024971008 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:24:08.028023958 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:24:08.095334053 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:24:08.095352888 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:24:08.095453978 CEST	49799	443	192.168.2.4	23.23.34.82
May 8, 2021 06:24:08.150887966 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:24:08.150912046 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:24:08.150921106 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:24:08.151689053 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:24:08.151745081 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:24:08.151829958 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:24:08.285996914 CEST	443	49798	23.23.34.82	192.168.2.4
May 8, 2021 06:24:08.286282063 CEST	49798	443	192.168.2.4	23.23.34.82
May 8, 2021 06:24:08.850691080 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:24:08.866388083 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:24:08.902995110 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:24:08.909924984 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:24:08.928963900 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:24:08.970500946 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:24:13.266566992 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:24:13.315052986 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:24:13.521934986 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:24:13.574863911 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:24:14.975558043 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:24:15.027462959 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:24:18.311549902 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:24:18.363879919 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:24:19.851914883 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:24:19.903882980 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:24:25.070419073 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:24:25.122488976 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:24:42.588303089 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:24:42.631870031 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:24:42.962647915 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:24:43.014518023 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:24:43.386183023 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:24:43.434844971 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:24:53.041974068 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:24:53.043715000 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:24:53.093202114 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:24:53.096008062 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:24:53.104593039 CEST	49799	443	192.168.2.4	23.23.34.82
May 8, 2021 06:24:53.238626957 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:24:53.916624069 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:24:53.917016029 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:24:53.965492010 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:24:53.971110106 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:24:53.979171991 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:24:54.020235062 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:24:58.323503971 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:24:58.371964931 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:24:58.580591917 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:24:58.634443998 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:25:00.042435884 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:25:00.096580029 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:25:03.368071079 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:25:03.420203924 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:25:04.918525934 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:04.970449924 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:25:07.492289066 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:25:07.492909908 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:25:07.541444063 CEST	443	49753	8.8.8.8	192.168.2.4
May 8, 2021 06:25:07.541626930 CEST	49753	443	192.168.2.4	8.8.8.8
May 8, 2021 06:25:07.544877052 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:25:07.545506954 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:25:07.597820997 CEST	443	49751	172.217.20.1	192.168.2.4
May 8, 2021 06:25:07.598028898 CEST	49751	443	192.168.2.4	172.217.20.1
May 8, 2021 06:25:08.465612888 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:25:08.466332912 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:25:08.518671989 CEST	443	49759	172.217.20.10	192.168.2.4
May 8, 2021 06:25:08.518779039 CEST	49759	443	192.168.2.4	172.217.20.10
May 8, 2021 06:25:10.137850046 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:25:10.189780951 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:25:14.502989054 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:25:14.503467083 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:25:14.556168079 CEST	443	49766	216.58.214.195	192.168.2.4
May 8, 2021 06:25:14.556243896 CEST	49766	443	192.168.2.4	216.58.214.195
May 8, 2021 06:25:17.738935947 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:25:17.743024111 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:25:17.800753117 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:25:17.822469950 CEST	443	49763	172.217.19.115	192.168.2.4
May 8, 2021 06:25:17.823208094 CEST	49763	443	192.168.2.4	172.217.19.115
May 8, 2021 06:25:24.715492964 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:25:24.717343092 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:25:24.769380093 CEST	443	49769	172.217.19.100	192.168.2.4
May 8, 2021 06:25:24.772587061 CEST	49769	443	192.168.2.4	172.217.19.100
May 8, 2021 06:25:26.042893887 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.066616058 CEST	49811	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.096098900 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.096677065 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.097584963 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.120076895 CEST	443	49811	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.120230913 CEST	49811	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.120949984 CEST	49811	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.150818110 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.171725035 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.171770096 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.171797991 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.171937943 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.174817085 CEST	443	49811	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.195460081 CEST	443	49811	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.195545912 CEST	443	49811	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.195593119 CEST	443	49811	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.195657015 CEST	49811	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.217381001 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.223824024 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.224632978 CEST	49811	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.225166082 CEST	49811	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.225414991 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.225831985 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.276074886 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.276809931 CEST	443	49811	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.276925087 CEST	443	49811	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.277072906 CEST	49811	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.277122021 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.277199984 CEST	49811	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.277230978 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.278219938 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.282313108 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.304682016 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.304733992 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.304750919 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.304864883 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.304881096 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.304925919 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.309194088 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:25:26.335298061 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:26.361212969 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:25:27.654017925 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:25:27.697292089 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:25:28.030415058 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:25:28.081840038 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:25:28.451375008 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:25:28.499860048 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:25:38.265396118 CEST	49799	443	192.168.2.4	23.23.34.82
May 8, 2021 06:25:38.398699045 CEST	443	49799	23.23.34.82	192.168.2.4
May 8, 2021 06:25:38.983258009 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:25:39.026907921 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:25:39.030145884 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:25:39.072472095 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:25:42.265310049 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:25:42.266546011 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:25:42.312488079 CEST	443	49765	172.217.22.227	192.168.2.4
May 8, 2021 06:25:42.312712908 CEST	49765	443	192.168.2.4	172.217.22.227
May 8, 2021 06:25:42.546181917 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:25:42.552716970 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:25:42.604141951 CEST	443	49775	172.217.20.10	192.168.2.4
May 8, 2021 06:25:42.604264021 CEST	49775	443	192.168.2.4	172.217.20.10
May 8, 2021 06:25:43.144217014 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:25:43.145143986 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:25:43.193576097 CEST	443	49777	142.250.181.238	192.168.2.4
May 8, 2021 06:25:43.193811893 CEST	49777	443	192.168.2.4	142.250.181.238
May 8, 2021 06:25:43.390594006 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:25:43.440995932 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:25:43.639635086 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:43.693417072 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:25:49.985574007 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:50.037585974 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:25:58.095453024 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:25:58.097728014 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:25:58.146132946 CEST	443	49754	8.8.8.8	192.168.2.4
May 8, 2021 06:25:58.146343946 CEST	49754	443	192.168.2.4	8.8.8.8
May 8, 2021 06:25:58.332381010 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:25:58.333189964 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:58.385380983 CEST	443	49779	172.217.20.3	192.168.2.4
May 8, 2021 06:25:58.385634899 CEST	49779	443	192.168.2.4	172.217.20.3
May 8, 2021 06:26:04.676297903 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:26:04.677144051 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:26:04.729209900 CEST	443	49780	172.217.20.3	192.168.2.4
May 8, 2021 06:26:04.729387045 CEST	49780	443	192.168.2.4	172.217.20.3
May 8, 2021 06:26:11.376532078 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:26:11.428388119 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:26:24.035208941 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:26:24.080503941 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:26:24.081674099 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:26:24.122494936 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:26:56.443402052 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:26:56.495184898 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:27:09.084369898 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:27:09.127970934 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:27:09.133094072 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:27:09.173881054 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:27:41.501405001 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:27:41.553242922 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:27:48.581000090 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:27:48.581022978 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:27:48.581167936 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:27:48.581226110 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:27:48.581319094 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:27:48.582401991 CEST	49764	443	192.168.2.4	104.20.23.216
May 8, 2021 06:27:48.623249054 CEST	443	49764	104.20.23.216	192.168.2.4
May 8, 2021 06:27:54.135849953 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:27:54.179553032 CEST	443	49761	151.101.2.109	192.168.2.4
May 8, 2021 06:28:26.561558962 CEST	49810	443	192.168.2.4	172.217.19.106
May 8, 2021 06:28:26.613729000 CEST	443	49810	172.217.19.106	192.168.2.4
May 8, 2021 06:28:39.187177896 CEST	49761	443	192.168.2.4	151.101.2.109
May 8, 2021 06:28:39.231504917 CEST	443	49761	151.101.2.109	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 8, 2021 06:20:00.080437899 CEST	59123	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:00.130742073 CEST	54531	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:00.132107019 CEST	53	59123	8.8.8.8	192.168.2.4
May 8, 2021 06:20:00.188038111 CEST	53	54531	8.8.8.8	192.168.2.4
May 8, 2021 06:20:00.967914104 CEST	49714	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:01.004250050 CEST	58028	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:01.025281906 CEST	53	49714	8.8.8.8	192.168.2.4
May 8, 2021 06:20:01.053085089 CEST	53	58028	8.8.8.8	192.168.2.4
May 8, 2021 06:20:02.029706001 CEST	58028	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:02.079854012 CEST	53	58028	8.8.8.8	192.168.2.4
May 8, 2021 06:20:03.544900894 CEST	53097	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:03.593583107 CEST	53	53097	8.8.8.8	192.168.2.4
May 8, 2021 06:20:04.474917889 CEST	49257	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:04.528213978 CEST	53	49257	8.8.8.8	192.168.2.4
May 8, 2021 06:20:04.959254980 CEST	62389	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:05.020519018 CEST	53	62389	8.8.8.8	192.168.2.4
May 8, 2021 06:20:05.481729984 CEST	49910	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:05.541976929 CEST	53	49910	8.8.8.8	192.168.2.4
May 8, 2021 06:20:06.704447985 CEST	55854	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:06.755897999 CEST	53	55854	8.8.8.8	192.168.2.4
May 8, 2021 06:20:11.749907970 CEST	64549	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:11.801486015 CEST	53	64549	8.8.8.8	192.168.2.4
May 8, 2021 06:20:19.327526093 CEST	63153	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:19.376137972 CEST	53	63153	8.8.8.8	192.168.2.4
May 8, 2021 06:20:20.524468899 CEST	52991	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:20.573184013 CEST	53	52991	8.8.8.8	192.168.2.4
May 8, 2021 06:20:22.585658073 CEST	53700	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:22.642700911 CEST	53	53700	8.8.8.8	192.168.2.4
May 8, 2021 06:20:25.207314014 CEST	51726	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:25.217720985 CEST	56794	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:25.266597033 CEST	53	56794	8.8.8.8	192.168.2.4
May 8, 2021 06:20:25.270553112 CEST	53	51726	8.8.8.8	192.168.2.4
May 8, 2021 06:20:26.688198090 CEST	56534	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:26.740937948 CEST	53	56534	8.8.8.8	192.168.2.4
May 8, 2021 06:20:28.220467091 CEST	56627	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:28.269536018 CEST	53	56627	8.8.8.8	192.168.2.4
May 8, 2021 06:20:29.251969099 CEST	56621	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:29.300602913 CEST	53	56621	8.8.8.8	192.168.2.4
May 8, 2021 06:20:30.250323057 CEST	63116	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:30.301745892 CEST	53	63116	8.8.8.8	192.168.2.4
May 8, 2021 06:20:31.454597950 CEST	64078	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:31.504025936 CEST	53	64078	8.8.8.8	192.168.2.4
May 8, 2021 06:20:32.576805115 CEST	64801	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:32.633934021 CEST	53	64801	8.8.8.8	192.168.2.4
May 8, 2021 06:20:34.077332973 CEST	61721	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:34.134444952 CEST	53	61721	8.8.8.8	192.168.2.4
May 8, 2021 06:20:35.432043076 CEST	51255	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:35.480757952 CEST	53	51255	8.8.8.8	192.168.2.4
May 8, 2021 06:20:35.563164949 CEST	61522	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:35.625869036 CEST	53	61522	8.8.8.8	192.168.2.4
May 8, 2021 06:20:44.094604015 CEST	52337	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:44.160847902 CEST	53	52337	8.8.8.8	192.168.2.4
May 8, 2021 06:20:46.983918905 CEST	55046	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:47.043275118 CEST	53	55046	8.8.8.8	192.168.2.4
May 8, 2021 06:20:50.082840919 CEST	49612	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:50.143438101 CEST	53	49612	8.8.8.8	192.168.2.4
May 8, 2021 06:20:54.862464905 CEST	49285	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:54.913541079 CEST	53	49285	8.8.8.8	192.168.2.4
May 8, 2021 06:20:59.043186903 CEST	60875	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:59.043845892 CEST	56448	53	192.168.2.4	8.8.8.8
May 8, 2021 06:20:59.100651026 CEST	53	56448	8.8.8.8	192.168.2.4
May 8, 2021 06:20:59.114630938 CEST	53	60875	8.8.8.8	192.168.2.4
May 8, 2021 06:21:01.011635065 CEST	62420	53	192.168.2.4	8.8.8.8
May 8, 2021 06:21:01.076653957 CEST	53	62420	8.8.8.8	192.168.2.4
May 8, 2021 06:21:03.027682066 CEST	60579	53	192.168.2.4	8.8.8.8
May 8, 2021 06:21:03.079617023 CEST	53	60579	8.8.8.8	192.168.2.4
May 8, 2021 06:21:04.346649885 CEST	50183	53	192.168.2.4	8.8.8.8
May 8, 2021 06:21:04.418453932 CEST	53	50183	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.417748928 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.478677988 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.478704929 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.478717089 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.479690075 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.481364012 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.489223003 CEST	49231	443	192.168.2.4	172.217.20.1
May 8, 2021 06:21:07.548928022 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:07.551783085 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:07.563790083 CEST	443	49231	172.217.20.1	192.168.2.4
May 8, 2021 06:21:07.563815117 CEST	443	49231	172.217.20.1	192.168.2.4
May 8, 2021 06:21:07.563855886 CEST	443	49231	172.217.20.1	192.168.2.4
May 8, 2021 06:21:07.564538002 CEST	49231	443	192.168.2.4	172.217.20.1
May 8, 2021 06:21:07.565893888 CEST	49231	443	192.168.2.4	172.217.20.1
May 8, 2021 06:21:07.644460917 CEST	443	49231	172.217.20.1	192.168.2.4
May 8, 2021 06:21:07.660721064 CEST	443	49231	172.217.20.1	192.168.2.4
May 8, 2021 06:21:07.663722992 CEST	49231	443	192.168.2.4	172.217.20.1
May 8, 2021 06:21:08.130563021 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:08.133635998 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:08.177355051 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:08.183674097 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:08.183701992 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:08.185034037 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:08.185787916 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:08.185811043 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:08.189527035 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:08.244283915 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:08.244362116 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:08.245575905 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:08.349864960 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:08.412282944 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:08.412374020 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:08.417998075 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:09.612900972 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:09.665781975 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:09.665806055 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:09.775090933 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:09.884442091 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:10.084494114 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:10.084528923 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:10.484519958 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:10.484546900 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:10.684860945 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:10.684900999 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:10.685652971 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:10.686414957 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:10.988661051 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:14.204869986 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:14.258110046 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:14.258135080 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:14.258966923 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:16.863960028 CEST	64206	53	192.168.2.4	8.8.8.8
May 8, 2021 06:21:16.921236038 CEST	53	64206	8.8.8.8	192.168.2.4
May 8, 2021 06:21:24.405612946 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:24.482980967 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:24.483016968 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:24.484112024 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:34.570348024 CEST	50904	53	192.168.2.4	8.8.8.8
May 8, 2021 06:21:34.629013062 CEST	53	50904	8.8.8.8	192.168.2.4
May 8, 2021 06:21:42.199645042 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:42.251971960 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:42.251983881 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:42.266891956 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:42.504234076 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:42.529237032 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:42.559660912 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:42.559695959 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:42.560483932 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:42.581490993 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:42.581520081 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:42.583254099 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:57.012875080 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:57.071386099 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:57.071417093 CEST	443	49230	8.8.8.8	192.168.2.4
May 8, 2021 06:21:57.072181940 CEST	49230	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:58.017091036 CEST	57527	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:58.074882984 CEST	443	57527	8.8.8.8	192.168.2.4
May 8, 2021 06:21:58.074914932 CEST	443	57527	8.8.8.8	192.168.2.4
May 8, 2021 06:21:58.074932098 CEST	443	57527	8.8.8.8	192.168.2.4
May 8, 2021 06:21:58.075725079 CEST	57527	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:58.076761961 CEST	57527	443	192.168.2.4	8.8.8.8
May 8, 2021 06:21:58.139756918 CEST	443	57527	8.8.8.8	192.168.2.4
May 8, 2021 06:21:58.143433094 CEST	57527	443	192.168.2.4	8.8.8.8
May 8, 2021 06:22:04.345048904 CEST	57527	443	192.168.2.4	8.8.8.8
May 8, 2021 06:22:04.409142971 CEST	443	57527	8.8.8.8	192.168.2.4
May 8, 2021 06:22:04.409174919 CEST	443	57527	8.8.8.8	192.168.2.4
May 8, 2021 06:22:04.410077095 CEST	57527	443	192.168.2.4	8.8.8.8
May 8, 2021 06:22:07.201191902 CEST	53418	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:07.277156115 CEST	53	53418	8.8.8.8	192.168.2.4
May 8, 2021 06:22:07.416771889 CEST	62833	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:07.492899895 CEST	53	62833	8.8.8.8	192.168.2.4
May 8, 2021 06:22:07.640924931 CEST	59260	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:07.698040009 CEST	53	59260	8.8.8.8	192.168.2.4
May 8, 2021 06:22:09.179830074 CEST	49944	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:09.238682985 CEST	53	49944	8.8.8.8	192.168.2.4
May 8, 2021 06:22:09.708357096 CEST	63300	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:09.765460014 CEST	53	63300	8.8.8.8	192.168.2.4
May 8, 2021 06:22:10.302604914 CEST	61449	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:10.354600906 CEST	53	61449	8.8.8.8	192.168.2.4
May 8, 2021 06:22:10.972521067 CEST	51275	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:11.032800913 CEST	53	51275	8.8.8.8	192.168.2.4
May 8, 2021 06:22:11.491120100 CEST	63492	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:11.548120022 CEST	53	63492	8.8.8.8	192.168.2.4
May 8, 2021 06:22:12.174479961 CEST	58945	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:12.232999086 CEST	53	58945	8.8.8.8	192.168.2.4
May 8, 2021 06:22:12.617662907 CEST	60779	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:12.674679995 CEST	53	60779	8.8.8.8	192.168.2.4
May 8, 2021 06:22:12.777353048 CEST	64014	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:12.839565992 CEST	53	64014	8.8.8.8	192.168.2.4
May 8, 2021 06:22:13.262700081 CEST	57091	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:13.322052002 CEST	53	57091	8.8.8.8	192.168.2.4
May 8, 2021 06:22:13.988447905 CEST	55904	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:14.037138939 CEST	53	55904	8.8.8.8	192.168.2.4
May 8, 2021 06:22:14.447463036 CEST	52109	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:14.504549980 CEST	53	52109	8.8.8.8	192.168.2.4
May 8, 2021 06:22:31.357448101 CEST	52111	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:31.431668043 CEST	443	52111	172.217.20.3	192.168.2.4
May 8, 2021 06:22:31.431709051 CEST	443	52111	172.217.20.3	192.168.2.4
May 8, 2021 06:22:31.434417009 CEST	52111	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:31.511787891 CEST	443	52111	172.217.20.3	192.168.2.4
May 8, 2021 06:22:31.527681112 CEST	443	52111	172.217.20.3	192.168.2.4
May 8, 2021 06:22:31.529294014 CEST	52111	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:31.529321909 CEST	52111	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:31.606856108 CEST	443	52111	172.217.20.3	192.168.2.4
May 8, 2021 06:22:31.606992006 CEST	443	52111	172.217.20.3	192.168.2.4
May 8, 2021 06:22:31.607011080 CEST	443	52111	172.217.20.3	192.168.2.4
May 8, 2021 06:22:31.607903004 CEST	52111	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:31.761435032 CEST	52111	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:31.789210081 CEST	443	52111	172.217.20.3	192.168.2.4
May 8, 2021 06:22:31.823246002 CEST	52111	443	192.168.2.4	172.217.20.3
May 8, 2021 06:22:58.165565014 CEST	54450	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:58.236387014 CEST	53	54450	8.8.8.8	192.168.2.4
May 8, 2021 06:22:58.362538099 CEST	49374	53	192.168.2.4	8.8.8.8
May 8, 2021 06:22:58.419543982 CEST	53	49374	8.8.8.8	192.168.2.4
May 8, 2021 06:23:06.247335911 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:06.324727058 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:06.340950966 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:06.342219114 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:06.342839003 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:06.363125086 CEST	50436	53	192.168.2.4	8.8.8.8
May 8, 2021 06:23:06.419487000 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:06.419512033 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:06.419528008 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:06.420669079 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:06.430991888 CEST	53	50436	8.8.8.8	192.168.2.4
May 8, 2021 06:23:06.446690083 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:06.575594902 CEST	62605	53	192.168.2.4	8.8.8.8
May 8, 2021 06:23:06.632533073 CEST	53	62605	8.8.8.8	192.168.2.4
May 8, 2021 06:23:07.611584902 CEST	54256	53	192.168.2.4	8.8.8.8
May 8, 2021 06:23:07.663077116 CEST	53	54256	8.8.8.8	192.168.2.4
May 8, 2021 06:23:07.667984962 CEST	54257	443	192.168.2.4	8.8.8.8
May 8, 2021 06:23:07.668500900 CEST	54257	443	192.168.2.4	8.8.8.8
May 8, 2021 06:23:07.731985092 CEST	443	54257	8.8.8.8	192.168.2.4
May 8, 2021 06:23:07.732985973 CEST	54257	443	192.168.2.4	8.8.8.8
May 8, 2021 06:23:07.735351086 CEST	443	54257	8.8.8.8	192.168.2.4
May 8, 2021 06:23:07.735397100 CEST	443	54257	8.8.8.8	192.168.2.4
May 8, 2021 06:23:07.736350060 CEST	54257	443	192.168.2.4	8.8.8.8
May 8, 2021 06:23:10.836975098 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:10.912862062 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:10.912919044 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:10.912998915 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:10.913630962 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:10.940537930 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:15.539942026 CEST	52189	53	192.168.2.4	8.8.8.8
May 8, 2021 06:23:15.599781036 CEST	53	52189	8.8.8.8	192.168.2.4
May 8, 2021 06:23:15.723862886 CEST	56131	53	192.168.2.4	8.8.8.8
May 8, 2021 06:23:15.781073093 CEST	53	56131	8.8.8.8	192.168.2.4
May 8, 2021 06:23:19.556183100 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:19.633569956 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:19.633596897 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:19.633613110 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:19.635133028 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:19.660979986 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:28.397058010 CEST	62992	53	192.168.2.4	8.8.8.8
May 8, 2021 06:23:28.479341984 CEST	53	62992	8.8.8.8	192.168.2.4
May 8, 2021 06:23:28.615737915 CEST	54432	53	192.168.2.4	8.8.8.8
May 8, 2021 06:23:28.672800064 CEST	53	54432	8.8.8.8	192.168.2.4
May 8, 2021 06:23:32.402964115 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:32.478734016 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:32.478802919 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:32.478843927 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:32.479437113 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:32.505841970 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:45.361761093 CEST	57227	53	192.168.2.4	8.8.8.8
May 8, 2021 06:23:45.432158947 CEST	53	57227	8.8.8.8	192.168.2.4
May 8, 2021 06:23:45.569542885 CEST	58383	53	192.168.2.4	8.8.8.8
May 8, 2021 06:23:45.629920959 CEST	53	58383	8.8.8.8	192.168.2.4
May 8, 2021 06:23:49.369467974 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:23:49.451037884 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:49.452297926 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:23:49.453644037 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:24:06.441780090 CEST	63136	53	192.168.2.4	8.8.8.8
May 8, 2021 06:24:06.516519070 CEST	53	63136	8.8.8.8	192.168.2.4
May 8, 2021 06:24:06.639440060 CEST	50911	53	192.168.2.4	8.8.8.8
May 8, 2021 06:24:06.699672937 CEST	53	50911	8.8.8.8	192.168.2.4
May 8, 2021 06:24:10.459769011 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:24:10.537802935 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:24:10.538664103 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:24:10.538692951 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:24:10.539928913 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:24:10.566061974 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:24:31.571504116 CEST	59185	53	192.168.2.4	8.8.8.8
May 8, 2021 06:24:31.628555059 CEST	53	59185	8.8.8.8	192.168.2.4
May 8, 2021 06:24:31.746973991 CEST	64236	53	192.168.2.4	8.8.8.8
May 8, 2021 06:24:31.806229115 CEST	53	64236	8.8.8.8	192.168.2.4
May 8, 2021 06:24:35.703789949 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:24:35.779416084 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:24:35.779445887 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:24:35.779453993 CEST	443	49376	172.217.20.3	192.168.2.4
May 8, 2021 06:24:35.780663967 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:24:35.807904959 CEST	49376	443	192.168.2.4	172.217.20.3
May 8, 2021 06:24:50.413623095 CEST	56157	53	192.168.2.4	8.8.8.8
May 8, 2021 06:24:50.470711946 CEST	53	56157	8.8.8.8	192.168.2.4
May 8, 2021 06:24:50.954731941 CEST	55601	53	192.168.2.4	8.8.8.8
May 8, 2021 06:24:51.021404028 CEST	53	55601	8.8.8.8	192.168.2.4
May 8, 2021 06:24:51.863140106 CEST	52984	53	192.168.2.4	8.8.8.8
May 8, 2021 06:24:51.932301044 CEST	53	52984	8.8.8.8	192.168.2.4
May 8, 2021 06:24:52.474487066 CEST	51141	53	192.168.2.4	8.8.8.8
May 8, 2021 06:24:52.535125017 CEST	53	51141	8.8.8.8	192.168.2.4
May 8, 2021 06:24:52.812977076 CEST	53610	53	192.168.2.4	8.8.8.8
May 8, 2021 06:24:52.862333059 CEST	53	53610	8.8.8.8	192.168.2.4
May 8, 2021 06:25:01.048736095 CEST	61247	53	192.168.2.4	8.8.8.8
May 8, 2021 06:25:01.105675936 CEST	53	61247	8.8.8.8	192.168.2.4
May 8, 2021 06:25:05.118067026 CEST	61249	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:05.197036028 CEST	443	61249	172.217.20.3	192.168.2.4
May 8, 2021 06:25:05.213289022 CEST	443	61249	172.217.20.3	192.168.2.4
May 8, 2021 06:25:05.214426994 CEST	61249	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:05.215034962 CEST	61249	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:05.292253017 CEST	443	61249	172.217.20.3	192.168.2.4
May 8, 2021 06:25:05.292288065 CEST	443	61249	172.217.20.3	192.168.2.4
May 8, 2021 06:25:05.292351007 CEST	443	61249	172.217.20.3	192.168.2.4
May 8, 2021 06:25:05.294416904 CEST	61249	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:05.319792986 CEST	61249	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:25.855987072 CEST	65165	53	192.168.2.4	8.8.8.8
May 8, 2021 06:25:25.907471895 CEST	53	65165	8.8.8.8	192.168.2.4
May 8, 2021 06:25:25.961131096 CEST	65166	443	192.168.2.4	8.8.8.8
May 8, 2021 06:25:25.961838007 CEST	65166	443	192.168.2.4	8.8.8.8
May 8, 2021 06:25:26.024168015 CEST	443	65166	8.8.8.8	192.168.2.4
May 8, 2021 06:25:26.025160074 CEST	65166	443	192.168.2.4	8.8.8.8
May 8, 2021 06:25:26.040112972 CEST	443	65166	8.8.8.8	192.168.2.4
May 8, 2021 06:25:26.040137053 CEST	443	65166	8.8.8.8	192.168.2.4
May 8, 2021 06:25:26.041033983 CEST	65166	443	192.168.2.4	8.8.8.8
May 8, 2021 06:25:34.615264893 CEST	52076	53	192.168.2.4	8.8.8.8
May 8, 2021 06:25:34.675585985 CEST	53	52076	8.8.8.8	192.168.2.4
May 8, 2021 06:25:35.154207945 CEST	54903	53	192.168.2.4	8.8.8.8
May 8, 2021 06:25:35.225635052 CEST	53	54903	8.8.8.8	192.168.2.4
May 8, 2021 06:25:42.594630003 CEST	54905	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:42.671647072 CEST	443	54905	172.217.20.3	192.168.2.4
May 8, 2021 06:25:42.688203096 CEST	443	54905	172.217.20.3	192.168.2.4
May 8, 2021 06:25:42.689573050 CEST	54905	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:42.690135956 CEST	54905	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:42.766475916 CEST	443	54905	172.217.20.3	192.168.2.4
May 8, 2021 06:25:42.766545057 CEST	443	54905	172.217.20.3	192.168.2.4
May 8, 2021 06:25:42.766628027 CEST	443	54905	172.217.20.3	192.168.2.4
May 8, 2021 06:25:42.767600060 CEST	54905	443	192.168.2.4	172.217.20.3
May 8, 2021 06:25:42.794364929 CEST	54905	443	192.168.2.4	172.217.20.3
May 8, 2021 06:26:20.251243114 CEST	55045	53	192.168.2.4	8.8.8.8
May 8, 2021 06:26:20.313549995 CEST	53	55045	8.8.8.8	192.168.2.4
May 8, 2021 06:26:28.475239038 CEST	55047	443	192.168.2.4	172.217.20.3
May 8, 2021 06:26:28.552680969 CEST	443	55047	172.217.20.3	192.168.2.4
May 8, 2021 06:26:28.569215059 CEST	443	55047	172.217.20.3	192.168.2.4
May 8, 2021 06:26:28.569993973 CEST	55047	443	192.168.2.4	172.217.20.3
May 8, 2021 06:26:28.570446014 CEST	55047	443	192.168.2.4	172.217.20.3
May 8, 2021 06:26:28.646331072 CEST	443	55047	172.217.20.3	192.168.2.4
May 8, 2021 06:26:28.646365881 CEST	443	55047	172.217.20.3	192.168.2.4
May 8, 2021 06:26:28.646459103 CEST	443	55047	172.217.20.3	192.168.2.4
May 8, 2021 06:26:28.648058891 CEST	55047	443	192.168.2.4	172.217.20.3
May 8, 2021 06:26:28.674298048 CEST	55047	443	192.168.2.4	172.217.20.3
May 8, 2021 06:27:14.485516071 CEST	54464	53	192.168.2.4	8.8.8.8
May 8, 2021 06:27:14.544305086 CEST	53	54464	8.8.8.8	192.168.2.4
May 8, 2021 06:27:22.864809990 CEST	50970	53	192.168.2.4	8.8.8.8
May 8, 2021 06:27:22.916280985 CEST	53	50970	8.8.8.8	192.168.2.4
May 8, 2021 06:27:22.920299053 CEST	50971	443	192.168.2.4	8.8.8.8
May 8, 2021 06:27:22.920651913 CEST	50971	443	192.168.2.4	8.8.8.8
May 8, 2021 06:27:22.983485937 CEST	443	50971	8.8.8.8	192.168.2.4
May 8, 2021 06:27:22.984515905 CEST	50971	443	192.168.2.4	8.8.8.8
May 8, 2021 06:27:22.984962940 CEST	443	50971	8.8.8.8	192.168.2.4
May 8, 2021 06:27:22.984996080 CEST	443	50971	8.8.8.8	192.168.2.4
May 8, 2021 06:27:22.985537052 CEST	50971	443	192.168.2.4	8.8.8.8
May 8, 2021 06:27:22.988074064 CEST	50972	443	192.168.2.4	172.217.20.3
May 8, 2021 06:27:23.069119930 CEST	443	50972	172.217.20.3	192.168.2.4
May 8, 2021 06:27:23.085196018 CEST	443	50972	172.217.20.3	192.168.2.4
May 8, 2021 06:27:23.086299896 CEST	50972	443	192.168.2.4	172.217.20.3
May 8, 2021 06:27:23.086692095 CEST	50972	443	192.168.2.4	172.217.20.3
May 8, 2021 06:27:23.163034916 CEST	443	50972	172.217.20.3	192.168.2.4
May 8, 2021 06:27:23.163116932 CEST	443	50972	172.217.20.3	192.168.2.4
May 8, 2021 06:27:23.163229942 CEST	443	50972	172.217.20.3	192.168.2.4
May 8, 2021 06:27:23.163781881 CEST	50972	443	192.168.2.4	172.217.20.3
May 8, 2021 06:27:23.192789078 CEST	50972	443	192.168.2.4	172.217.20.3
May 8, 2021 06:27:32.639250040 CEST	55261	53	192.168.2.4	8.8.8.8
May 8, 2021 06:27:32.715116978 CEST	53	55261	8.8.8.8	192.168.2.4
May 8, 2021 06:28:17.162822008 CEST	59809	53	192.168.2.4	8.8.8.8
May 8, 2021 06:28:17.219918013 CEST	53	59809	8.8.8.8	192.168.2.4
May 8, 2021 06:28:33.091119051 CEST	59811	443	192.168.2.4	172.217.20.3
May 8, 2021 06:28:33.172015905 CEST	443	59811	172.217.20.3	192.168.2.4
May 8, 2021 06:28:33.187450886 CEST	443	59811	172.217.20.3	192.168.2.4
May 8, 2021 06:28:33.188327074 CEST	59811	443	192.168.2.4	172.217.20.3
May 8, 2021 06:28:33.188991070 CEST	59811	443	192.168.2.4	172.217.20.3
May 8, 2021 06:28:33.265259027 CEST	443	59811	172.217.20.3	192.168.2.4
May 8, 2021 06:28:33.265290022 CEST	443	59811	172.217.20.3	192.168.2.4
May 8, 2021 06:28:33.265516996 CEST	443	59811	172.217.20.3	192.168.2.4
May 8, 2021 06:28:33.266146898 CEST	59811	443	192.168.2.4	172.217.20.3
May 8, 2021 06:28:33.292526007 CEST	59811	443	192.168.2.4	172.217.20.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 8, 2021 06:20:25.207314014 CEST	192.168.2.4	8.8.8.8	0xb35e	Standard query (0)	cdn.wavebrowserbase.com	A (IP address)	IN (0x0001)
May 8, 2021 06:20:44.094604015 CEST	192.168.2.4	8.8.8.8	0x6964	Standard query (0)	api.wavebrowserbase.com	A (IP address)	IN (0x0001)
May 8, 2021 06:20:50.082840919 CEST	192.168.2.4	8.8.8.8	0x4a18	Standard query (0)	api.wavebrowser.co	A (IP address)	IN (0x0001)
May 8, 2021 06:20:59.043186903 CEST	192.168.2.4	8.8.8.8	0x9566	Standard query (0)	s2.googleusercontent.com	A (IP address)	IN (0x0001)
May 8, 2021 06:21:01.011635065 CEST	192.168.2.4	8.8.8.8	0x991e	Standard query (0)	api.wavebrowser.co	A (IP address)	IN (0x0001)
May 8, 2021 06:21:03.027682066 CEST	192.168.2.4	8.8.8.8	0x2329	Standard query (0)	dns.google	A (IP address)	IN (0x0001)
May 8, 2021 06:21:04.346649885 CEST	192.168.2.4	8.8.8.8	0x8972	Standard query (0)	www.mywavehome.net	A (IP address)	IN (0x0001)
May 8, 2021 06:23:07.611584902 CEST	192.168.2.4	8.8.8.8	0x3669	Standard query (0)	dns.google	A (IP address)	IN (0x0001)
May 8, 2021 06:25:25.855987072 CEST	192.168.2.4	8.8.8.8	0xb0ae	Standard query (0)	dns.google	A (IP address)	IN (0x0001)
May 8, 2021 06:27:22.864809990 CEST	192.168.2.4	8.8.8.8	0xdfa7	Standard query (0)	dns.google	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
May 8, 2021 06:20:25.270553112 CEST	8.8.8.8	192.168.2.4	0xb35e	No error (0)	cdn.wavebrowserbase.com		143.204.209.86	A (IP address)	IN (0x0001)
May 8, 2021 06:20:25.270553112 CEST	8.8.8.8	192.168.2.4	0xb35e	No error (0)	cdn.wavebrowserbase.com		143.204.209.120	A (IP address)	IN (0x0001)
May 8, 2021 06:20:25.270553112 CEST	8.8.8.8	192.168.2.4	0xb35e	No error (0)	cdn.wavebrowserbase.com		143.204.209.54	A (IP address)	IN (0x0001)
May 8, 2021 06:20:25.270553112 CEST	8.8.8.8	192.168.2.4	0xb35e	No error (0)	cdn.wavebrowserbase.com		143.204.209.114	A (IP address)	IN (0x0001)
May 8, 2021 06:20:44.160847902 CEST	8.8.8.8	192.168.2.4	0x6964	No error (0)	api.wavebrowserbase.com		52.72.140.231	A (IP address)	IN (0x0001)
May 8, 2021 06:20:44.160847902 CEST	8.8.8.8	192.168.2.4	0x6964	No error (0)	api.wavebrowserbase.com		34.198.11.52	A (IP address)	IN (0x0001)
May 8, 2021 06:20:44.160847902 CEST	8.8.8.8	192.168.2.4	0x6964	No error (0)	api.wavebrowserbase.com		23.23.34.82	A (IP address)	IN (0x0001)
May 8, 2021 06:20:50.143438101 CEST	8.8.8.8	192.168.2.4	0x4a18	No error (0)	api.wavebrowser.co		52.72.140.231	A (IP address)	IN (0x0001)
May 8, 2021 06:20:50.143438101 CEST	8.8.8.8	192.168.2.4	0x4a18	No error (0)	api.wavebrowser.co		23.23.34.82	A (IP address)	IN (0x0001)
May 8, 2021 06:20:50.143438101 CEST	8.8.8.8	192.168.2.4	0x4a18	No error (0)	api.wavebrowser.co		34.198.11.52	A (IP address)	IN (0x0001)
May 8, 2021 06:20:59.114630938 CEST	8.8.8.8	192.168.2.4	0x9566	No error (0)	s2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
May 8, 2021 06:20:59.114630938 CEST	8.8.8.8	192.168.2.4	0x9566	No error (0)	googlehosted.l.googleusercontent.com		172.217.20.1	A (IP address)	IN (0x0001)
May 8, 2021 06:21:01.076653957 CEST	8.8.8.8	192.168.2.4	0x991e	No error (0)	api.wavebrowser.co		34.198.11.52	A (IP address)	IN (0x0001)
May 8, 2021 06:21:01.076653957 CEST	8.8.8.8	192.168.2.4	0x991e	No error (0)	api.wavebrowser.co		52.72.140.231	A (IP address)	IN (0x0001)
May 8, 2021 06:21:01.076653957 CEST	8.8.8.8	192.168.2.4	0x991e	No error (0)	api.wavebrowser.co		23.23.34.82	A (IP address)	IN (0x0001)
May 8, 2021 06:21:03.079617023 CEST	8.8.8.8	192.168.2.4	0x2329	No error (0)	dns.google		8.8.8.8	A (IP address)	IN (0x0001)
May 8, 2021 06:21:03.079617023 CEST	8.8.8.8	192.168.2.4	0x2329	No error (0)	dns.google		8.8.4.4	A (IP address)	IN (0x0001)
May 8, 2021 06:21:04.418453932 CEST	8.8.8.8	192.168.2.4	0x8972	No error (0)	www.mywavehome.net		54.87.190.176	A (IP address)	IN (0x0001)
May 8, 2021 06:21:04.418453932 CEST	8.8.8.8	192.168.2.4	0x8972	No error (0)	www.mywavehome.net		34.198.81.120	A (IP address)	IN (0x0001)
May 8, 2021 06:21:04.418453932 CEST	8.8.8.8	192.168.2.4	0x8972	No error (0)	www.mywavehome.net		52.203.124.75	A (IP address)	IN (0x0001)
May 8, 2021 06:23:07.663077116 CEST	8.8.8.8	192.168.2.4	0x3669	No error (0)	dns.google		8.8.8.8	A (IP address)	IN (0x0001)
May 8, 2021 06:23:07.663077116 CEST	8.8.8.8	192.168.2.4	0x3669	No error (0)	dns.google		8.8.4.4	A (IP address)	IN (0x0001)
May 8, 2021 06:24:50.470711946 CEST	8.8.8.8	192.168.2.4	0xc6b	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.akadns.net		CNAME (Canonical name)	IN (0x0001)
May 8, 2021 06:25:25.907471895 CEST	8.8.8.8	192.168.2.4	0xb0ae	No error (0)	dns.google		8.8.8.8	A (IP address)	IN (0x0001)
May 8, 2021 06:25:25.907471895 CEST	8.8.8.8	192.168.2.4	0xb0ae	No error (0)	dns.google		8.8.4.4	A (IP address)	IN (0x0001)
May 8, 2021 06:27:22.916280985 CEST	8.8.8.8	192.168.2.4	0xdfa7	No error (0)	dns.google		8.8.8.8	A (IP address)	IN (0x0001)
May 8, 2021 06:27:22.916280985 CEST	8.8.8.8	192.168.2.4	0xdfa7	No error (0)	dns.google		8.8.4.4	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
May 8, 2021 06:20:25.527951002 CEST	143.204.209.86	443	192.168.2.4	49734	CN=wavebrowserbase.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Jan 06 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Sat Feb 05 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
May 8, 2021 06:20:44.524768114 CEST	52.72.140.231	443	192.168.2.4	49746	CN=wavebrowserbase.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Jan 06 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Sat Feb 05 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
May 8, 2021 06:20:50.515871048 CEST	52.72.140.231	443	192.168.2.4	49748	CN=wavebrowser.co CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Jan 11 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Feb 10 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
May 8, 2021 06:21:01.358772039 CEST	34.198.11.52	443	192.168.2.4	49752	CN=wavebrowser.co CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Mon Jan 11 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Feb 10 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
May 8, 2021 06:21:07.747210026 CEST	34.198.81.120	443	192.168.2.4	49757	CN=mywavehome.co CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Jan 06 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Sat Feb 05 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
May 8, 2021 06:21:07.750127077 CEST	34.198.81.120	443	192.168.2.4	49758	CN=mywavehome.co CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Jan 06 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Sat Feb 05 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
May 8, 2021 06:21:08.282573938 CEST	151.101.2.109	443	192.168.2.4	49761	CN=f3.shared.global.fastly.net, O="Fastly, Inc.", L=San Francisco, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE	CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Mon May 03 21:53:43 CEST 2021 Wed Aug 19 02:00:00 CEST 2015	Sat Mar 26 14:08:54 CET 2022 Tue Aug 19 02:00:00 CEST 2025	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
May 8, 2021 06:21:08.282573938 CEST	151.101.2.109	443	192.168.2.4	49761	CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Wed Aug 19 02:00:00 CEST 2015	Tue Aug 19 02:00:00 CEST 2025		b32309a26951912be7dba376398abc3b
May 8, 2021 06:21:08.284580946 CEST	151.101.2.109	443	192.168.2.4	49762	CN=f3.shared.global.fastly.net, O="Fastly, Inc.", L=San Francisco, ST=California, C=US CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE	CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Mon May 03 21:53:43 CEST 2021 Wed Aug 19 02:00:00 CEST 2015	Sat Mar 26 14:08:54 CET 2022 Tue Aug 19 02:00:00 CEST 2025	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
May 8, 2021 06:21:08.284580946 CEST	151.101.2.109	443	192.168.2.4	49762	CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Wed Aug 19 02:00:00 CEST 2015	Tue Aug 19 02:00:00 CEST 2025		b32309a26951912be7dba376398abc3b
May 8, 2021 06:21:42.839672089 CEST	34.198.11.52	443	192.168.2.4	49776	CN=mywavehome.co CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Jan 06 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Sat Feb 05 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
May 8, 2021 06:21:57.351526022 CEST	52.72.140.231	443	192.168.2.4	49778	CN=wavehomepage.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Jan 06 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Sat Feb 05 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
May 8, 2021 06:23:08.010430098 CEST	23.23.34.82	443	192.168.2.4	49798	CN=wavehomepage.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Jan 06 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Sat Feb 05 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
May 8, 2021 06:23:08.096529007 CEST	23.23.34.82	443	192.168.2.4	49799	CN=wavehomepage.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Jan 06 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Sat Feb 05 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Wave Browser_cg5vc6cx_.exe PID: 6284 Parent PID: 5960

General

Start time:	06:20:19
Start date:	08/05/2021
Path:	C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe'
Imagebase:	0x400000
File size:	64298088 bytes
MD5 hash:	5D999339F21D3A6B4EE9726874D6FBC5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: setup.exe PID: 3028 Parent PID: 6284

General

Start time:	06:20:30
Start date:	08/05/2021
Path:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe' --install-archive='C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z' --do-not-register-for-update-launch --make-chrome-default
Imagebase:	0x7ff678440000
File size:	2928728 bytes
MD5 hash:	C0364BBC1A78CE97482F4A0B0DDBAD08
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: setup.exe PID: 7124 Parent PID: 3028

General

Start time:	06:20:31
Start date:	08/05/2021
Path:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0
Imagebase:	0x7ff678440000
File size:	2928728 bytes
MD5 hash:	C0364BBC1A78CE97482F4A0B0DDBAD08
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: setdf.exe PID: 7108 Parent PID: 3028

General

Start time:	06:20:47
Start date:	08/05/2021
Path:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe 'C:\Users\user\AppData\Local\Temp\af85ff68-db96-4195-b531-f1a4aee5bead.tmp'
Imagebase:	0x400000
File size:	69288 bytes
MD5 hash:	6573AEE829B967E22C3B984DF199250B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 8%, Metadefender, Browse Detection: 3%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: conhost.exe PID: 5860 Parent PID: 7108

General

Start time:	06:20:48
Start date:	08/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: wavebrowser.exe PID: 3124 Parent PID: 3028

General

Start time:	06:20:51
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --prevdefbrowser=2 --install-type=1
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: wavebrowser.exe PID: 4928 Parent PID: 3124

General

Start time:	06:20:52
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: wavebrowser.exe PID: 6748 Parent PID: 3124

General

Start time:	06:20:54
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: wavebrowser.exe PID: 7032 Parent PID: 3124

General

Start time:	06:20:56
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=1796 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: wavebrowser.exe PID: 7072 Parent PID: 3124

General

Start time:	06:20:58
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: wavebrowser.exe PID: 1376 Parent PID: 3124

General

Start time:	06:20:58
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 6800 Parent PID: 3124

General

Start time:	06:20:59
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 6492 Parent PID: 3124

General

Start time:	06:21:00
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 4296 Parent PID: 3124

General

Start time:	06:21:02
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 6840 Parent PID: 3124

General

Start time:	06:21:04
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
Imagebase:	0x7ff77ba70000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 7012 Parent PID: 3124

General

Start time:	06:21:05
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 5524 Parent PID: 3124

General

Start time:	06:21:07
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 2088 Parent PID: 3124

General

Start time:	06:21:43
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 6456 Parent PID: 3124

General

Start time:	06:21:44
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 6864 Parent PID: 3124

General

Start time:	06:21:45
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 6828 Parent PID: 3124

General

Start time:	06:21:47
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 5588 Parent PID: 3124

General

Start time:	06:21:48
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 4944 Parent PID: 3124

General

Start time:	06:21:49
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 6548 Parent PID: 3124

General

Start time:	06:21:52
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 5088 Parent PID: 3124

General

Start time:	06:21:53
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5936 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: wavebrowser.exe PID: 7016 Parent PID: 3124

General

Start time:	06:21:54
Start date:	08/05/2021
Path:	C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5380 /prefetch:8
Imagebase:	0x7ff7dd3d0000
File size:	2049112 bytes
MD5 hash:	D01181033AE0FD1E5C8D09DF0AAA70CF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Wave Browser_cg5vc6cx_.exe PID: 6284 Parent PID: 5960 Wave Browser_cg5vc6cx_.exeCOMMON

Execution Graph

Execution Coverage:	24.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	21.2%
Total number of Nodes:	1309
Total number of Limit Nodes:	36

Executed Functions

Function 004031D6, Relevance: 91.4, APIs: 33, Strings: 19, Instructions: 366
stringcomfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 85%

			_entry_() {
				signed int _t42;
				intOrPtr* _t47;
				CHAR* _t51;
				char* _t53;
				CHAR* _t55;
				void* _t59;
				intOrPtr _t61;
				int _t62;
				int _t65;
				signed int _t66;
				int _t67;
				signed int _t69;
				void* _t93;
				signed int _t109;
				void* _t112;
				void* _t117;
				intOrPtr* _t118;
				char _t121;
				signed int _t140;
				signed int _t141;
				int _t149;
				void* _t150;
				intOrPtr* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t158;
				char* _t159;
				void* _t162;
				void* _t163;
				char _t188;

				 *(_t163 + 0x18) = 0;
				 *((intOrPtr*)(_t163 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t163 + 0x20) = 0;
				 *(_t163 + 0x14) = 0x20;
				SetErrorMode(0x8001); // executed
				_t42 = GetVersion() & 0xbfffffff;
				 *0x42370c = _t42;
				if(_t42 != 6) {
					_t118 = E00406302(0);
					if(_t118 != 0) {
						 *_t118(0xc00);
					}
				}
				_t155 = "UXTHEME";
				do {
					E00406294(_t155); // executed
					_t155 =  &(_t155[lstrlenA(_t155) + 1]);
				} while ( *_t155 != 0);
				E00406302(0xa);
				 *0x423704 = E00406302(8);
				_t47 = E00406302(6);
				if(_t47 != 0) {
					_t47 =  *_t47(0x1e);
					if(_t47 != 0) {
						 *0x42370f =  *0x42370f | 0x00000040;
					}
				}
				__imp__#17(_t158);
				__imp__OleInitialize(0); // executed
				 *0x4237d8 = _t47;
				SHGetFileInfoA(0x41ecc8, 0, _t163 + 0x38, 0x160, 0); // executed
				E00405F6A(0x422f00, "NSIS Error");
				_t51 = GetCommandLineA();
				_t159 = "\"C:\\Users\\jones\\Desktop\\Wave Browser_cg5vc6cx_.exe\" ";
				E00405F6A(_t159, _t51);
				 *0x423700 = 0x400000;
				_t53 = _t159;
				if("\"C:\\Users\\jones\\Desktop\\Wave Browser_cg5vc6cx_.exe\" " == 0x22) {
					 *(_t163 + 0x14) = 0x22;
					_t53 =  &M00429001;
				}
				_t55 = CharNextA(E0040592D(_t53,  *(_t163 + 0x14)));
				 *(_t163 + 0x1c) = _t55;
				while(1) {
					_t121 =  *_t55;
					_t171 = _t121;
					if(_t121 == 0) {
						break;
					}
					__eflags = _t121 - 0x20;
					if(_t121 != 0x20) {
						L13:
						__eflags =  *_t55 - 0x22;
						 *(_t163 + 0x14) = 0x20;
						if( *_t55 == 0x22) {
							_t55 =  &(_t55[1]);
							__eflags = _t55;
							 *(_t163 + 0x14) = 0x22;
						}
						__eflags =  *_t55 - 0x2f;
						if( *_t55 != 0x2f) {
							L25:
							_t55 = E0040592D(_t55,  *(_t163 + 0x14));
							__eflags =  *_t55 - 0x22;
							if(__eflags == 0) {
								_t55 =  &(_t55[1]);
								__eflags = _t55;
							}
							continue;
						} else {
							_t55 =  &(_t55[1]);
							__eflags =  *_t55 - 0x53;
							if( *_t55 != 0x53) {
								L20:
								__eflags =  *_t55 - ((( *0x409183 << 0x00000008 |  *0x409182) << 0x00000008 |  *0x409181) << 0x00000008 | "NCRC");
								if( *_t55 != ((( *0x409183 << 0x00000008 |  *0x409182) << 0x00000008 |  *0x409181) << 0x00000008 | "NCRC")) {
									L24:
									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40917b << 0x00000008 |  *0x40917a) << 0x00000008 |  *0x409179) << 0x00000008 | " /D=");
									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40917b << 0x00000008 |  *0x40917a) << 0x00000008 |  *0x409179) << 0x00000008 | " /D=")) {
										 *((char*)(_t55 - 2)) = 0;
										__eflags =  &(_t55[2]);
										E00405F6A("C:\\Users\\jones\\Wavesor Software\\WaveBrowser",  &(_t55[2]));
										L30:
										_t156 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
										GetTempPathA(0x400, _t156);
										_t59 = E004031A5(_t171);
										_t172 = _t59;
										if(_t59 != 0) {
											L33:
											DeleteFileA("1033"); // executed
											_t61 = E00402D63(_t174,  *(_t163 + 0x20)); // executed
											 *((intOrPtr*)(_t163 + 0x10)) = _t61;
											if(_t61 != 0) {
												L43:
												ExitProcess(); // executed
												__imp__OleUninitialize(); // executed
												_t184 =  *((intOrPtr*)(_t163 + 0x10));
												if( *((intOrPtr*)(_t163 + 0x10)) == 0) {
													__eflags =  *0x4237b4;
													if( *0x4237b4 == 0) {
														L67:
														_t62 =  *0x4237cc;
														__eflags = _t62 - 0xffffffff;
														if(_t62 != 0xffffffff) {
															 *(_t163 + 0x14) = _t62;
														}
														ExitProcess( *(_t163 + 0x14));
													}
													_t65 = OpenProcessToken(GetCurrentProcess(), 0x28, _t163 + 0x18);
													__eflags = _t65;
													_t149 = 2;
													if(_t65 != 0) {
														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t163 + 0x24);
														 *(_t163 + 0x38) = 1;
														 *(_t163 + 0x44) = _t149;
														AdjustTokenPrivileges( *(_t163 + 0x2c), 0, _t163 + 0x28, 0, 0, 0);
													}
													_t66 = E00406302(4);
													__eflags = _t66;
													if(_t66 == 0) {
														L65:
														_t67 = ExitWindowsEx(_t149, 0x80040002);
														__eflags = _t67;
														if(_t67 != 0) {
															goto L67;
														}
														goto L66;
													} else {
														_t69 =  *_t66(0, 0, 0, 0x25, 0x80040002);
														__eflags = _t69;
														if(_t69 == 0) {
															L66:
															E0040140B(9);
															goto L67;
														}
														goto L65;
													}
												}
												E00405686( *((intOrPtr*)(_t163 + 0x10)), 0x200010);
												ExitProcess(2);
											}
											if( *0x423720 == 0) {
												L42:
												 *0x4237cc =  *0x4237cc | 0xffffffff;
												 *(_t163 + 0x18) = E00403798( *0x4237cc);
												goto L43;
											}
											_t152 = E0040592D(_t159, 0);
											if(_t152 < _t159) {
												L39:
												_t181 = _t152 - _t159;
												 *((intOrPtr*)(_t163 + 0x10)) = "Error launching installer";
												if(_t152 < _t159) {
													_t150 = E004055F1(_t184);
													lstrcatA(_t156, "~nsu");
													if(_t150 != 0) {
														lstrcatA(_t156, "A");
													}
													lstrcatA(_t156, ".tmp");
													_t161 = "C:\\Users\\jones\\Desktop";
													if(lstrcmpiA(_t156, "C:\\Users\\jones\\Desktop") != 0) {
														_push(_t156);
														if(_t150 == 0) {
															E004055D4();
														} else {
															E00405557();
														}
														SetCurrentDirectoryA(_t156);
														_t188 = "C:\\Users\\jones\\Wavesor Software\\WaveBrowser"; // 0x43
														if(_t188 == 0) {
															E00405F6A("C:\\Users\\jones\\Wavesor Software\\WaveBrowser", _t161);
														}
														E00405F6A("1572996",  *(_t163 + 0x1c));
														_t136 = "A";
														_t162 = 0x1a;
														 *0x424400 = "A";
														do {
															E00405F8C(0, 0x41e8c8, _t156, 0x41e8c8,  *((intOrPtr*)( *0x423714 + 0x120)));
															DeleteFileA(0x41e8c8);
															if( *((intOrPtr*)(_t163 + 0x10)) != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\Wave Browser_cg5vc6cx_.exe", 0x41e8c8, 1) != 0) {
																E00405D49(_t136, 0x41e8c8, 0);
																E00405F8C(0, 0x41e8c8, _t156, 0x41e8c8,  *((intOrPtr*)( *0x423714 + 0x124)));
																_t93 = E00405609(0x41e8c8);
																if(_t93 != 0) {
																	CloseHandle(_t93);
																	 *((intOrPtr*)(_t163 + 0x10)) = 0;
																}
															}
															 *0x424400 =  *0x424400 + 1;
															_t162 = _t162 - 1;
														} while (_t162 != 0);
														E00405D49(_t136, _t156, 0);
													}
													goto L43;
												}
												 *_t152 = 0;
												_t153 = _t152 + 4;
												if(E004059F0(_t181, _t152 + 4) == 0) {
													goto L43;
												}
												E00405F6A("C:\\Users\\jones\\Wavesor Software\\WaveBrowser", _t153);
												E00405F6A("C:\\Users\\jones\\AppData\\Local\\Temp\\nseBA51.tmp", _t153);
												 *((intOrPtr*)(_t163 + 0x10)) = 0;
												goto L42;
											}
											_t109 = (( *0x40915b << 0x00000008 |  *0x40915a) << 0x00000008 |  *0x409159) << 0x00000008 | " _?=";
											while( *_t152 != _t109) {
												_t152 = _t152 - 1;
												if(_t152 >= _t159) {
													continue;
												}
												goto L39;
											}
											goto L39;
										}
										GetWindowsDirectoryA(_t156, 0x3fb);
										lstrcatA(_t156, "\\Temp");
										_t112 = E004031A5(_t172);
										_t173 = _t112;
										if(_t112 != 0) {
											goto L33;
										}
										GetTempPathA(0x3fc, _t156);
										lstrcatA(_t156, "Low");
										SetEnvironmentVariableA("TEMP", _t156);
										SetEnvironmentVariableA("TMP", _t156);
										_t117 = E004031A5(_t173);
										_t174 = _t117;
										if(_t117 == 0) {
											goto L43;
										}
										goto L33;
									}
									goto L25;
								}
								_t140 = _t55[4];
								__eflags = _t140 - 0x20;
								if(_t140 == 0x20) {
									L23:
									_t15 = _t163 + 0x20;
									 *_t15 =  *(_t163 + 0x20) | 0x00000004;
									__eflags =  *_t15;
									goto L24;
								}
								__eflags = _t140;
								if(_t140 != 0) {
									goto L24;
								}
								goto L23;
							}
							_t141 = _t55[1];
							__eflags = _t141 - 0x20;
							if(_t141 == 0x20) {
								L19:
								 *0x4237c0 = 1;
								goto L20;
							}
							__eflags = _t141;
							if(_t141 != 0) {
								goto L20;
							}
							goto L19;
						}
					} else {
						goto L12;
					}
					do {
						L12:
						_t55 =  &(_t55[1]);
						__eflags =  *_t55 - 0x20;
					} while ( *_t55 == 0x20);
					goto L13;
				}
				goto L30;
			}

0x004031e6
0x004031ea
0x004031f2
0x004031f6
0x004031fb
0x00403207
0x00403210
0x00403215
0x00403218
0x0040321f
0x00403226
0x00403226
0x0040321f
0x00403228
0x0040322d
0x0040322e
0x0040323a
0x0040323e
0x00403244
0x00403252
0x00403257
0x0040325e
0x00403262
0x00403266
0x00403268
0x00403268
0x00403266
0x00403270
0x00403277
0x0040327d
0x00403293
0x004032a3
0x004032a8
0x004032ae
0x004032b5
0x004032c1
0x004032cb
0x004032cd
0x004032cf
0x004032d4
0x004032d4
0x004032e4
0x004032ea
0x004033b3
0x004033b3
0x004033b5
0x004033b7
0x00000000
0x00000000
0x004032f3
0x004032f6
0x004032fe
0x004032fe
0x00403301
0x00403306
0x00403308
0x00403308
0x00403309
0x00403309
0x0040330e
0x00403311
0x004033a3
0x004033a8
0x004033ad
0x004033b0
0x004033b2
0x004033b2
0x004033b2
0x00000000
0x00403317
0x00403317
0x00403318
0x0040331b
0x00403333
0x0040335e
0x00403360
0x00403373
0x0040339e
0x004033a1
0x004033bf
0x004033c2
0x004033cb
0x004033d0
0x004033d6
0x004033e1
0x004033e3
0x004033e8
0x004033ea
0x00403442
0x00403447
0x00403451
0x00403458
0x0040345c
0x004034f0
0x004034f0
0x004034f5
0x004034fb
0x00403500
0x00403624
0x0040362a
0x004036a6
0x004036a6
0x004036ab
0x004036ae
0x004036b0
0x004036b0
0x004036b8
0x004036b8
0x0040363a
0x00403642
0x00403644
0x00403645
0x00403652
0x00403665
0x0040366d
0x00403671
0x00403671
0x00403679
0x0040367e
0x00403685
0x00403693
0x00403695
0x0040369b
0x0040369d
0x00000000
0x00000000
0x00000000
0x00403687
0x0040368d
0x0040368f
0x00403691
0x0040369f
0x004036a1
0x00000000
0x004036a1
0x00000000
0x00403691
0x00403685
0x0040350f
0x00403516
0x00403516
0x00403468
0x004034e0
0x004034e0
0x004034ec
0x00000000
0x004034ec
0x00403471
0x00403475
0x004034ab
0x004034ab
0x004034ad
0x004034b5
0x00403527
0x00403529
0x00403530
0x00403538
0x00403538
0x00403543
0x00403548
0x00403557
0x0040355b
0x0040355c
0x00403565
0x0040355e
0x0040355e
0x0040355e
0x0040356b
0x00403571
0x00403577
0x0040357f
0x0040357f
0x0040358d
0x00403592
0x004035a4
0x004035ac
0x004035b2
0x004035be
0x004035c4
0x004035ce
0x004035e4
0x004035f5
0x004035fb
0x00403602
0x00403605
0x0040360b
0x0040360b
0x00403602
0x0040360f
0x00403615
0x00403615
0x0040361a
0x0040361a
0x00000000
0x00403557
0x004034b7
0x004034b9
0x004034c4
0x00000000
0x00000000
0x004034cc
0x004034d7
0x004034dc
0x00000000
0x004034dc
0x004034a0
0x004034a2
0x004034a6
0x004034a9
0x00000000
0x00000000
0x00000000
0x004034a9
0x00000000
0x004034a2
0x004033f2
0x004033fe
0x00403403
0x00403408
0x0040340a
0x00000000
0x00000000
0x00403412
0x0040341a
0x0040342b
0x00403433
0x00403435
0x0040343a
0x0040343c
0x00000000
0x00000000
0x00000000
0x0040343c
0x00000000
0x004033a1
0x00403362
0x00403365
0x00403368
0x0040336e
0x0040336e
0x0040336e
0x0040336e
0x00000000
0x0040336e
0x0040336a
0x0040336c
0x00000000
0x00000000
0x00000000
0x0040336c
0x0040331d
0x00403320
0x00403323
0x00403329
0x00403329
0x00000000
0x00403329
0x00403325
0x00403327
0x00000000
0x00000000
0x00000000
0x00403327
0x00000000
0x00000000
0x00000000
0x004032f8
0x004032f8
0x004032f8
0x004032f9
0x004032f9
0x00000000
0x004032f8
0x00000000

APIs

SetErrorMode.KERNEL32 ref: 004031FB
GetVersion.KERNEL32 ref: 00403201
lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403234
#17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403270
OleInitialize.OLE32(00000000), ref: 00403277
SHGetFileInfoA.SHELL32(0041ECC8,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 00403293
GetCommandLineA.KERNEL32(00422F00,NSIS Error,?,00000006,00000008,0000000A), ref: 004032A8
CharNextA.USER32(00000000,"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" ,00000020,"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" ,00000000,?,00000006,00000008,0000000A), ref: 004032E4
GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000006,00000008,0000000A), ref: 004033E1
GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004033F2
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004033FE
GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 00403412
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 0040341A
SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 0040342B
SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403433
DeleteFileA.KERNEL32(1033,?,00000006,00000008,0000000A), ref: 00403447

Part of subcall function 00406302: GetModuleHandleA.KERNEL32(?,?,?,00403249,0000000A), ref: 00406314
Part of subcall function 00406302: GetProcAddress.KERNEL32(00000000,?), ref: 0040632F

Part of subcall function 00403798: lstrlenA.KERNEL32(004226A0,?,?,?,004226A0,00000000,C:\Users\user\Wavesor Software\WaveBrowser,1033,Wave Browser Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wave Browser Setup: Completed,00000000,00000002,73BCFA90), ref: 00403888
Part of subcall function 00403798: lstrcmpiA.KERNEL32(?,.exe,004226A0,?,?,?,004226A0,00000000,C:\Users\user\Wavesor Software\WaveBrowser,1033,Wave Browser Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wave Browser Setup: Completed,00000000), ref: 0040389B
Part of subcall function 00403798: GetFileAttributesA.KERNEL32(004226A0), ref: 004038A6
Part of subcall function 00403798: LoadImageA.USER32 ref: 004038EF
Part of subcall function 00403798: RegisterClassA.USER32 ref: 0040392C

ExitProcess.KERNEL32(?,?,00000006,00000008,0000000A), ref: 004034F0

Part of subcall function 004036BE: CloseHandle.KERNEL32(FFFFFFFF,004034F5,?,?,00000006,00000008,0000000A), ref: 004036C9

OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 004034F5
ExitProcess.KERNEL32 ref: 00403516
GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 00403633
OpenProcessToken.ADVAPI32(00000000), ref: 0040363A
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403652
AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403671
ExitWindowsEx.USER32(00000002,80040002), ref: 00403695
ExitProcess.KERNEL32 ref: 004036B8

Part of subcall function 00405686: MessageBoxIndirectA.USER32 ref: 004056E1

Strings

NSIS Error, xrefs: 00403299
TMP, xrefs: 0040342E
Low, xrefs: 00403414
TEMP, xrefs: 00403426
C:\Users\user\AppData\Local\Temp\nseBA51.tmp, xrefs: 004034D2
C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe, xrefs: 004035D3
C:\Users\user\Wavesor Software\WaveBrowser, xrefs: 004033C6, 004034C7, 00403571, 0040357A
Error launching installer, xrefs: 004034AD
UXTHEME, xrefs: 00403228, 0040322D, 00403233
SeShutdownPrivilege, xrefs: 0040364C
"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" , xrefs: 004032AE, 004032B4, 0040346B
1572996, xrefs: 00403588
1033, xrefs: 00403442
C:\Users\user\AppData\Local\Temp\, xrefs: 004033D6, 004033DB, 004033F1, 004033FD, 0040340C, 00403419, 00403425, 0040342D, 00403526, 00403537, 00403542, 0040354E, 0040355B, 0040356A, 00403619
.tmp, xrefs: 0040353D
C:\Users\user\Desktop, xrefs: 00403548, 0040354D, 00403579
", xrefs: 00403309
\Temp, xrefs: 004033F8
~nsu, xrefs: 00403521

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Process$Exit$File$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
String ID: "$"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" $.tmp$1033$1572996$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nseBA51.tmp$C:\Users\user\Desktop$C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe$C:\Users\user\Wavesor Software\WaveBrowser$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
API String ID: 562314493-1204015068
Opcode ID: 483ba3a7cdb34d638443db681a1ca3900c5ad5cf2d027fabf9b326830b4d936e
Instruction ID: 9e312bc3f5d3d37e61d45afab2cefd1cff230aa7333539c56d086af75f350ab7
Opcode Fuzzy Hash: 483ba3a7cdb34d638443db681a1ca3900c5ad5cf2d027fabf9b326830b4d936e
Instruction Fuzzy Hash: 90C106706082426AE7216F719D4DB2B3EACEB85706F04457FF581B61E2C77C8A05CB2E

Uniqueness

Uniqueness Score: -1.00%

Function 004051CF, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E004051CF(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				struct tagRECT _v24;
				void* _v32;
				signed int _v36;
				int _v40;
				int _v44;
				signed int _v48;
				int _v52;
				void* _v56;
				void* _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t87;
				struct HWND__* _t89;
				long _t90;
				int _t95;
				int _t96;
				long _t99;
				void* _t102;
				intOrPtr _t113;
				void* _t121;
				intOrPtr _t124;
				struct HWND__* _t128;
				int _t150;
				int _t153;
				long _t157;
				struct HWND__* _t161;
				struct HMENU__* _t163;
				long _t165;
				void* _t166;
				char* _t167;
				char* _t168;
				int _t169;

				_t87 =  *0x422ee4; // 0x20472
				_t157 = _a8;
				_t150 = 0;
				_v8 = _t87;
				if(_t157 != 0x110) {
					__eflags = _t157 - 0x405;
					if(_t157 == 0x405) {
						_t121 = CreateThread(0, 0, E00405163, GetDlgItem(_a4, 0x3ec), 0,  &_a8); // executed
						FindCloseChangeNotification(_t121);
					}
					__eflags = _t157 - 0x111;
					if(_t157 != 0x111) {
						L17:
						__eflags = _t157 - 0x404;
						if(_t157 != 0x404) {
							L25:
							__eflags = _t157 - 0x7b;
							if(_t157 != 0x7b) {
								goto L20;
							}
							_t89 = _v8;
							__eflags = _a12 - _t89;
							if(_a12 != _t89) {
								goto L20;
							}
							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
							__eflags = _t90 - _t150;
							_a12 = _t90;
							if(_t90 <= _t150) {
								L36:
								return 0;
							}
							_t163 = CreatePopupMenu();
							AppendMenuA(_t163, _t150, 1, E00405F8C(_t150, _t157, _t163, _t150, 0xffffffe1));
							_t95 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t153 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v24);
								_t95 = _v24.left;
								_t153 = _v24.top;
							}
							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
							__eflags = _t96 - 1;
							if(_t96 == 1) {
								_t165 = 1;
								__eflags = 1;
								_v56 = _t150;
								_v44 = 0x41fd08;
								_v40 = 0x1000;
								_a4 = _a12;
								do {
									_a4 = _a4 - 1;
									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
									__eflags = _a4 - _t150;
									_t165 = _t165 + _t99 + 2;
								} while (_a4 != _t150);
								OpenClipboard(_t150);
								EmptyClipboard();
								_t102 = GlobalAlloc(0x42, _t165);
								_a4 = _t102;
								_t166 = GlobalLock(_t102);
								do {
									_v44 = _t166;
									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
									 *_t167 = 0xd;
									_t168 = _t167 + 1;
									 *_t168 = 0xa;
									_t166 = _t168 + 1;
									_t150 = _t150 + 1;
									__eflags = _t150 - _a12;
								} while (_t150 < _a12);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x422ecc - _t150; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423708, 8); // executed
							__eflags =  *0x4237ac - _t150;
							if( *0x4237ac == _t150) {
								_t113 =  *0x41f4e0; // 0x75be64
								E00405091( *((intOrPtr*)(_t113 + 0x34)), _t150); // executed
							}
							E00403FE2(1);
							goto L25;
						}
						 *0x41f0d8 = 2;
						E00403FE2(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00404070(_t157, _a12, _a16);
						}
						ShowWindow( *0x422ed0, _t150);
						ShowWindow(_v8, 8);
						E0040403E(_v8);
						goto L17;
					}
				}
				_v48 = _v48 | 0xffffffff;
				_v36 = _v36 | 0xffffffff;
				_t169 = 2;
				_v56 = _t169;
				_v52 = 0;
				_v44 = 0;
				_v40 = 0;
				asm("stosd");
				asm("stosd");
				_t124 =  *0x423714;
				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
				_a8 =  *((intOrPtr*)(_t124 + 0x60));
				 *0x422ed0 = GetDlgItem(_a4, 0x403);
				 *0x422ec8 = GetDlgItem(_a4, 0x3ee);
				_t128 = GetDlgItem(_a4, 0x3f8);
				 *0x422ee4 = _t128;
				_v8 = _t128;
				E0040403E( *0x422ed0);
				 *0x422ed4 = E0040492F(4);
				 *0x422eec = 0;
				GetClientRect(_v8,  &_v24);
				_v48 = _v24.right - GetSystemMetrics(_t169);
				SendMessageA(_v8, 0x101b, 0,  &_v56);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a12 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a12);
					SendMessageA(_v8, 0x1026, 0, _a12);
				}
				if(_a8 >= _t150) {
					SendMessageA(_v8, 0x1024, _t150, _a8);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00404009(_a4);
				if(( *0x42371c & 0x00000003) != 0) {
					ShowWindow( *0x422ed0, _t150);
					if(( *0x42371c & 0x00000002) != 0) {
						 *0x422ed0 = _t150;
					} else {
						ShowWindow(_v8, 8);
					}
					E0040403E( *0x422ec8);
				}
				_t161 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t161, 0x401, _t150, 0x75300000);
				if(( *0x42371c & 0x00000004) != 0) {
					SendMessageA(_t161, 0x409, _t150, _a8);
					SendMessageA(_t161, 0x2001, _t150, _a12);
				}
				goto L36;
			}

0x004051d5
0x004051dd
0x004051e0
0x004051e8
0x004051eb
0x0040537a
0x00405380
0x0040539d
0x004053a4
0x004053a4
0x004053b0
0x004053b6
0x004053d8
0x004053d8
0x004053de
0x00405433
0x00405433
0x00405436
0x00000000
0x00000000
0x00405438
0x0040543b
0x0040543e
0x00000000
0x00000000
0x00405448
0x0040544e
0x00405450
0x00405453
0x00405550
0x00000000
0x00405550
0x00405462
0x0040546e
0x00405477
0x0040547e
0x00405482
0x00405485
0x0040548e
0x00405494
0x00405497
0x00405497
0x004054a7
0x004054ad
0x004054b0
0x004054bb
0x004054bb
0x004054bc
0x004054bf
0x004054c6
0x004054cd
0x004054d5
0x004054d5
0x004054e3
0x004054e9
0x004054ec
0x004054ec
0x004054f3
0x004054f9
0x00405502
0x00405509
0x00405512
0x00405514
0x00405517
0x00405526
0x00405528
0x0040552b
0x0040552c
0x0040552f
0x00405530
0x00405531
0x00405531
0x00405539
0x00405544
0x0040554a
0x0040554a
0x00000000
0x004054b0
0x004053e0
0x004053e6
0x00405414
0x00405416
0x0040541c
0x0040541e
0x00405427
0x00405427
0x0040542e
0x00000000
0x0040542e
0x004053ea
0x004053f4
0x00000000
0x004053b8
0x004053b8
0x004053be
0x004053f9
0x00000000
0x00405400
0x004053c7
0x004053ce
0x004053d3
0x00000000
0x004053d3
0x004053b6
0x004051f1
0x004051f5
0x004051fd
0x00405201
0x00405204
0x00405207
0x0040520a
0x0040520d
0x0040520e
0x0040520f
0x00405228
0x0040522b
0x00405235
0x00405244
0x0040524c
0x00405254
0x00405259
0x0040525c
0x00405268
0x00405271
0x0040527a
0x0040529c
0x004052a2
0x004052b3
0x004052b8
0x004052c6
0x004052d4
0x004052d4
0x004052d9
0x004052e7
0x004052e7
0x004052ec
0x004052ef
0x004052f4
0x00405300
0x00405309
0x00405316
0x00405325
0x00405318
0x0040531d
0x0040531d
0x00405331
0x00405331
0x00405345
0x0040534e
0x00405357
0x00405367
0x00405373
0x00405373
0x00000000

APIs

GetDlgItem.USER32 ref: 0040522E
GetDlgItem.USER32 ref: 0040523D
GetClientRect.USER32 ref: 0040527A
GetSystemMetrics.USER32 ref: 00405281
SendMessageA.USER32 ref: 004052A2
SendMessageA.USER32 ref: 004052B3
SendMessageA.USER32 ref: 004052C6
SendMessageA.USER32 ref: 004052D4
SendMessageA.USER32 ref: 004052E7
ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405309
ShowWindow.USER32(?,00000008), ref: 0040531D
GetDlgItem.USER32 ref: 0040533E
SendMessageA.USER32 ref: 0040534E
SendMessageA.USER32 ref: 00405367
SendMessageA.USER32 ref: 00405373
GetDlgItem.USER32 ref: 0040524C

Part of subcall function 0040403E: SendMessageA.USER32 ref: 0040404C

GetDlgItem.USER32 ref: 0040538F
CreateThread.KERNEL32(00000000,00000000,Function_00005163,00000000), ref: 0040539D
FindCloseChangeNotification.KERNEL32(00000000), ref: 004053A4
ShowWindow.USER32(00000000), ref: 004053C7
ShowWindow.USER32(?,00000008), ref: 004053CE
ShowWindow.USER32(00000008), ref: 00405414
SendMessageA.USER32 ref: 00405448
CreatePopupMenu.USER32 ref: 00405459
AppendMenuA.USER32 ref: 0040546E
GetWindowRect.USER32 ref: 0040548E
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004054A7
SendMessageA.USER32 ref: 004054E3
OpenClipboard.USER32(00000000), ref: 004054F3
EmptyClipboard.USER32 ref: 004054F9
GlobalAlloc.KERNEL32(00000042,?), ref: 00405502
GlobalLock.KERNEL32 ref: 0040550C
SendMessageA.USER32 ref: 00405520
GlobalUnlock.KERNEL32(00000000), ref: 00405539
SetClipboardData.USER32(00000001,00000000), ref: 00405544
CloseClipboard.USER32 ref: 0040554A

Strings

Wave Browser Setup: Completed, xrefs: 004054BF

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
String ID: Wave Browser Setup: Completed
API String ID: 4154960007-3190555741
Opcode ID: 3a9281ed8a789c1f11ab91822155f9eb880975752d287774625736a89b1e06cb
Instruction ID: 0e806a1c10c1a3103ec1b6ff030541c572903ae85d70ab094f2e75f2d1af7317
Opcode Fuzzy Hash: 3a9281ed8a789c1f11ab91822155f9eb880975752d287774625736a89b1e06cb
Instruction Fuzzy Hash: ABA15AB1900209BFDB219FA4DD89AAE7F79FB04355F10403AFA04B62A0C7B55E41DF69

Uniqueness

Uniqueness Score: -1.00%

Function 00405732, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 98%

			E00405732(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				signed int _v16;
				struct _WIN32_FIND_DATAA _v336;
				signed int _t40;
				char* _t53;
				signed int _t55;
				signed int _t58;
				signed int _t64;
				signed int _t66;
				void* _t68;
				signed char _t69;
				CHAR* _t71;
				void* _t72;
				CHAR* _t73;
				char* _t76;

				_t69 = _a8;
				_t73 = _a4;
				_v8 = _t69 & 0x00000004;
				_t40 = E004059F0(__eflags, _t73);
				_v16 = _t40;
				if((_t69 & 0x00000008) != 0) {
					_t66 = DeleteFileA(_t73); // executed
					asm("sbb eax, eax");
					_t68 =  ~_t66 + 1;
					 *0x4237a8 =  *0x4237a8 + _t68;
					return _t68;
				}
				_a4 = _t69;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00405F6A(0x420d10, _t73);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405949(_t73);
					} else {
						lstrcatA(0x420d10, "\*.*");
					}
					__eflags =  *_t73;
					if( *_t73 != 0) {
						L10:
						lstrcatA(_t73, 0x409014);
						L11:
						_t71 =  &(_t73[lstrlenA(_t73)]); // executed
						_t40 = FindFirstFileA(0x420d10,  &_v336); // executed
						__eflags = _t40 - 0xffffffff;
						_v12 = _t40;
						if(_t40 == 0xffffffff) {
							L29:
							__eflags = _a4;
							if(_a4 != 0) {
								_t32 = _t71 - 1;
								 *_t32 =  *(_t71 - 1) & 0x00000000;
								__eflags =  *_t32;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t76 =  &(_v336.cFileName);
							_t53 = E0040592D( &(_v336.cFileName), 0x3f);
							__eflags =  *_t53;
							if( *_t53 != 0) {
								__eflags = _v336.cAlternateFileName;
								if(_v336.cAlternateFileName != 0) {
									_t76 =  &(_v336.cAlternateFileName);
								}
							}
							__eflags =  *_t76 - 0x2e;
							if( *_t76 != 0x2e) {
								L19:
								E00405F6A(_t71, _t76);
								__eflags = _v336.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t55 = E004056EA(__eflags, _t73, _v8);
									__eflags = _t55;
									if(_t55 != 0) {
										E00405091(0xfffffff2, _t73);
									} else {
										__eflags = _v8 - _t55;
										if(_v8 == _t55) {
											 *0x4237a8 =  *0x4237a8 + 1;
										} else {
											E00405091(0xfffffff1, _t73);
											E00405D49(_t72, _t73, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405732(__eflags, _t73, _a8);
									}
								}
								goto L27;
							}
							_t64 =  *((intOrPtr*)(_t76 + 1));
							__eflags = _t64;
							if(_t64 == 0) {
								goto L27;
							}
							__eflags = _t64 - 0x2e;
							if(_t64 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t76 + 2));
							if( *((char*)(_t76 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t58 = FindNextFileA(_v12,  &_v336); // executed
							__eflags = _t58;
						} while (_t58 != 0);
						_t40 = FindClose(_v12);
						goto L29;
					}
					__eflags =  *0x420d10 - 0x5c;
					if( *0x420d10 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t40;
					if(_t40 == 0) {
						L31:
						__eflags = _a4;
						if(_a4 == 0) {
							L39:
							return _t40;
						}
						__eflags = _v16;
						if(_v16 != 0) {
							_t40 = E0040626D(_t73);
							__eflags = _t40;
							if(_t40 == 0) {
								goto L39;
							}
							E00405902(_t73);
							_t40 = E004056EA(__eflags, _t73, _v8 | 0x00000001);
							__eflags = _t40;
							if(_t40 != 0) {
								return E00405091(0xffffffe5, _t73);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L33;
							}
							E00405091(0xfffffff1, _t73);
							return E00405D49(_t72, _t73, 0);
						}
						L33:
						 *0x4237a8 =  *0x4237a8 + 1;
						return _t40;
					}
					__eflags = _t69 & 0x00000002;
					if((_t69 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

0x0040573c
0x00405741
0x0040574a
0x0040574d
0x00405755
0x00405758
0x0040575b
0x00405763
0x00405765
0x00405766
0x00000000
0x00405766
0x00405771
0x00405774
0x00405774
0x00405774
0x00405778
0x0040578b
0x00405792
0x00405797
0x0040579b
0x004057ab
0x0040579d
0x004057a3
0x004057a3
0x004057b0
0x004057b3
0x004057be
0x004057c4
0x004057c9
0x004057d9
0x004057db
0x004057e1
0x004057e4
0x004057e7
0x0040589f
0x0040589f
0x004058a3
0x004058a5
0x004058a5
0x004058a5
0x004058a5
0x00000000
0x00000000
0x00000000
0x00000000
0x004057ed
0x004057ed
0x004057f6
0x004057fc
0x00405801
0x00405804
0x00405806
0x0040580a
0x0040580c
0x0040580c
0x0040580a
0x0040580f
0x00405812
0x00405825
0x00405827
0x0040582c
0x00405833
0x0040584e
0x00405853
0x00405855
0x00405879
0x00405857
0x00405857
0x0040585a
0x0040586e
0x0040585c
0x0040585f
0x00405867
0x00405867
0x0040585a
0x00405835
0x0040583b
0x0040583d
0x00405843
0x00405843
0x0040583d
0x00000000
0x00405833
0x00405814
0x00405817
0x00405819
0x00000000
0x00000000
0x0040581b
0x0040581d
0x00000000
0x00000000
0x0040581f
0x00405823
0x00000000
0x00000000
0x00000000
0x0040587e
0x00405888
0x0040588e
0x0040588e
0x00405899
0x00000000
0x00405899
0x004057b5
0x004057bc
0x00000000
0x00000000
0x00000000
0x0040577a
0x0040577a
0x0040577c
0x004058a9
0x004058ab
0x004058ae
0x004058ff
0x004058ff
0x004058ff
0x004058b0
0x004058b3
0x004058be
0x004058c3
0x004058c5
0x00000000
0x00000000
0x004058c8
0x004058d4
0x004058d9
0x004058db
0x00000000
0x004058f6
0x004058dd
0x004058e0
0x00000000
0x00000000
0x004058e5
0x00000000
0x004058ec
0x004058b5
0x004058b5
0x00000000
0x004058b5
0x00405782
0x00405785
0x00000000
0x00000000
0x00000000
0x00405785

APIs

DeleteFileA.KERNEL32(?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040575B
lstrcatA.KERNEL32(00420D10,\*.*,00420D10,?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057A3
lstrcatA.KERNEL32(?,00409014,?,00420D10,?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057C4
lstrlenA.KERNEL32(?,?,00409014,?,00420D10,?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057CA
FindFirstFileA.KERNEL32(00420D10,?,?,?,00409014,?,00420D10,?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057DB
FindNextFileA.KERNELBASE(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405888
FindClose.KERNEL32(00000000), ref: 00405899

Strings

"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" , xrefs: 00405732
C:\Users\user\AppData\Local\Temp\, xrefs: 0040573F
\*.*, xrefs: 0040579D

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: "C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
API String ID: 2035342205-1151447010
Opcode ID: f68f1787a7535e61b3df604e6a8492ba07a213b852bbd40fa4bcb335dd7bb391
Instruction ID: 4530166bbd706fa81c440e6583376772d6fc270faa34d54a03d6882d8fc6be8c
Opcode Fuzzy Hash: f68f1787a7535e61b3df604e6a8492ba07a213b852bbd40fa4bcb335dd7bb391
Instruction Fuzzy Hash: 7351B332904A09BADB216B728C45BAF7A78DF42714F14817BF841B11D2D73C8952DEA9

Uniqueness

Uniqueness Score: -1.00%

Function 004065F6, Relevance: 5.4, APIs: 4, Instructions: 382
COMMONCrypto

Download Yara Rule

C-Code - Quality: 98%

			E004065F6() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00406E99))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4)); // executed
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}

0x00000000
0x004065f6
0x004065f6
0x004065fb
0x00406672
0x00406679
0x00406683
0x00406c62
0x00406c62
0x00406c65
0x00406c65
0x00406c6b
0x00406c71
0x00406c77
0x00406c91
0x00406c94
0x00406c9a
0x00406ca5
0x00406ca7
0x00406c79
0x00406c79
0x00406c88
0x00406c8c
0x00406c8c
0x00406cb1
0x00406cd8
0x00406cd8
0x00406cde
0x00406cde
0x00000000
0x00406cb3
0x00406cb3
0x00406cb7
0x00406e66
0x00000000
0x00406e66
0x00406cc3
0x00406cca
0x00406cd2
0x00406cd5
0x00000000
0x00406cd5
0x004065fd
0x004065fd
0x00406601
0x00406609
0x0040660c
0x0040660e
0x00406611
0x00406613
0x00406618
0x0040661b
0x00406622
0x00406629
0x0040662c
0x00406637
0x0040663f
0x0040663f
0x00406639
0x00406639
0x00406639
0x0040662e
0x0040662e
0x0040662e
0x00406646
0x00406664
0x00406666
0x00406839
0x00406839
0x0040683c
0x0040683f
0x00406842
0x00406845
0x00406848
0x0040684b
0x0040684e
0x00406851
0x00406857
0x0040686f
0x00406872
0x00406875
0x00406878
0x00406878
0x0040687b
0x00406881
0x00406859
0x00406859
0x00406861
0x00406866
0x00406868
0x0040686a
0x0040686a
0x0040688b
0x0040688e
0x00406831
0x00406837
0x00000000
0x00000000
0x00000000
0x00406890
0x0040680c
0x00406810
0x00406e18
0x00000000
0x00406e18
0x00406816
0x00406819
0x0040681c
0x00406820
0x00406823
0x00406829
0x0040682b
0x0040682b
0x0040682e
0x00000000
0x0040682e
0x00406648
0x00406648
0x0040664b
0x00406651
0x00406653
0x00406653
0x00406656
0x00406659
0x0040665b
0x0040665c
0x0040665f
0x004066cc
0x004066cc
0x004066d0
0x004066d3
0x004066d6
0x004066d9
0x004066dc
0x004066dd
0x004066e0
0x004066e2
0x004066e8
0x004066eb
0x004066ee
0x004066f1
0x004066f4
0x004066fa
0x00406716
0x00406719
0x0040671c
0x0040671f
0x00406726
0x0040672c
0x00406730
0x004066fc
0x004066fc
0x00406700
0x00406708
0x0040670d
0x0040670f
0x00406711
0x00406711
0x0040673a
0x0040673d
0x004066b4
0x004066b4
0x004066ba
0x0040676d
0x00406773
0x00000000
0x00000000
0x00406775
0x00406778
0x0040677b
0x0040677e
0x00406781
0x00406784
0x00406787
0x0040678a
0x0040678d
0x00406793
0x004067ab
0x004067ae
0x004067b1
0x004067b4
0x004067b4
0x004067b7
0x004067bd
0x00406795
0x00406795
0x0040679d
0x004067a2
0x004067a4
0x004067a6
0x004067a6
0x004067c7
0x004067ca
0x00406748
0x0040674c
0x00406e0c
0x00000000
0x00406e0c
0x00406752
0x00406755
0x00406758
0x0040675c
0x0040675f
0x00406765
0x00406767
0x00406767
0x0040676a
0x0040676a
0x004067ca
0x004067d1
0x004067d1
0x004067d1
0x004067d5
0x004067d5
0x004067d8
0x004067db
0x004067df
0x00406e24
0x00000000
0x00406e24
0x004067e5
0x004067e8
0x004067eb
0x004067ee
0x004067f1
0x004067f4
0x004067f7
0x004067f9
0x004067fc
0x004067ff
0x00406802
0x00406804
0x00406804
0x00406804
0x004069a1
0x004069a1
0x004069a4
0x004069a4
0x00000000
0x004069a4
0x004066c6
0x00000000
0x00000000
0x00000000
0x00406743
0x0040668f
0x00406693
0x00406e00
0x00406e7c
0x00406e84
0x00406e8b
0x00406e8d
0x00406e94
0x00406e98
0x00406e98
0x00406699
0x0040669c
0x0040669f
0x004066a3
0x004066a6
0x004066ac
0x004066ae
0x004066ae
0x004066b1
0x00000000
0x004066b1
0x0040673d
0x00406646
0x0040647a
0x0040647a
0x00406483
0x00406e91
0x00406e91
0x00000000
0x00406e91
0x00406489
0x00000000
0x00406494
0x00000000
0x00000000
0x0040649d
0x004064a0
0x004064a3
0x004064a7
0x00000000
0x00000000
0x004064ad
0x004064b0
0x004064b2
0x004064b3
0x004064b6
0x004064b8
0x004064b9
0x004064bb
0x004064be
0x004064c3
0x004064c8
0x004064d1
0x004064e4
0x004064e7
0x004064f3
0x0040651b
0x0040651d
0x0040652b
0x0040652b
0x0040652f
0x00000000
0x00000000
0x00000000
0x00000000
0x0040651f
0x0040651f
0x00406522
0x00406523
0x00406523
0x00000000
0x0040651f
0x004064f9
0x004064fe
0x004064fe
0x00406507
0x0040650f
0x00406512
0x00000000
0x00406518
0x00406518
0x00000000
0x00406518
0x00000000
0x00406535
0x00406535
0x00406539
0x00406de5
0x00000000
0x00406de5
0x00406542
0x00406552
0x00406555
0x00406558
0x00406558
0x00406558
0x0040655b
0x0040655f
0x00000000
0x00000000
0x00406561
0x00406567
0x00406591
0x00406597
0x0040659e
0x00000000
0x0040659e
0x0040656d
0x00406570
0x00406575
0x00406575
0x00406580
0x00406588
0x0040658b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004065d0
0x004065d6
0x004065d9
0x004065e6
0x004065ee
0x00000000
0x00000000
0x004065a5
0x004065a5
0x004065a9
0x00406df4
0x00000000
0x00406df4
0x004065b5
0x004065c0
0x004065c0
0x004065c0
0x004065c3
0x004065c6
0x004065c9
0x004065ce
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00406895
0x00406899
0x004068b7
0x004068ba
0x004068c1
0x004068c4
0x004068c7
0x004068ca
0x004068cd
0x004068d0
0x004068d2
0x004068d9
0x004068da
0x004068dc
0x004068df
0x004068e2
0x004068e5
0x004068e5
0x004068ea
0x00000000
0x004068ea
0x0040689b
0x0040689e
0x004068a1
0x004068ab
0x00000000
0x00000000
0x004068ff
0x00406903
0x00406926
0x00406929
0x0040692c
0x00406936
0x00406905
0x00406905
0x00406908
0x0040690b
0x0040690e
0x0040691b
0x0040691e
0x0040691e
0x00000000
0x00000000
0x00406942
0x00406946
0x00000000
0x00000000
0x0040694c
0x00406950
0x00000000
0x00000000
0x00406956
0x00406958
0x0040695c
0x0040695c
0x0040695f
0x00406963
0x00000000
0x00000000
0x004069b3
0x004069b7
0x004069be
0x004069c1
0x004069c4
0x004069ce
0x00000000
0x004069ce
0x004069b9
0x00000000
0x00000000
0x004069da
0x004069de
0x004069e5
0x004069e8
0x004069eb
0x004069e0
0x004069e0
0x004069e0
0x004069ee
0x004069f1
0x004069f4
0x004069f4
0x004069f7
0x004069fa
0x004069fd
0x004069fd
0x00406a00
0x00406a07
0x00406a0c
0x00000000
0x00000000
0x00406a9a
0x00406a9a
0x00406a9e
0x00406e3c
0x00000000
0x00406e3c
0x00406aa4
0x00406aa7
0x00406aaa
0x00406aae
0x00406ab1
0x00406ab7
0x00406ab9
0x00406ab9
0x00406ab9
0x00406abc
0x00406abf
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00406b1d
0x00406b1d
0x00406b21
0x00406e48
0x00000000
0x00406e48
0x00406b27
0x00406b2a
0x00406b2d
0x00406b31
0x00406b34
0x00406b3a
0x00406b3c
0x00406b3c
0x00406b3c
0x00406b3f
0x00000000
0x00000000
0x004068ed
0x004068ed
0x004068f0
0x00000000
0x00000000
0x00406c2c
0x00406c30
0x00406c52
0x00406c55
0x00406c5f
0x00000000
0x00406c5f
0x00406c32
0x00406c35
0x00406c39
0x00406c3c
0x00406c3c
0x00406c3f
0x00000000
0x00000000
0x00406ce9
0x00406ced
0x00406d0b
0x00406d0b
0x00406d0b
0x00406d12
0x00406d19
0x00406d20
0x00406d20
0x00000000
0x00406d20
0x00406cef
0x00406cf2
0x00406cf5
0x00406cf8
0x00406cff
0x00406c43
0x00406c43
0x00406c46
0x00000000
0x00000000
0x00406dda
0x00406ddd
0x00000000
0x00000000
0x00406a14
0x00406a16
0x00406a1d
0x00406a1e
0x00406a20
0x00406a23
0x00000000
0x00000000
0x00406a2b
0x00406a2e
0x00406a31
0x00406a33
0x00406a35
0x00406a35
0x00406a36
0x00406a39
0x00406a40
0x00406a43
0x00406a51
0x00000000
0x00000000
0x00406d27
0x00406d27
0x00406d2a
0x00406d31
0x00000000
0x00000000
0x00406d36
0x00406d36
0x00406d3a
0x00406e72
0x00000000
0x00406e72
0x00406d40
0x00406d43
0x00406d46
0x00406d4a
0x00406d4d
0x00406d53
0x00406d55
0x00406d55
0x00406d55
0x00406d58
0x00406d5b
0x00406d5b
0x00406d5b
0x00406d5b
0x00406d5e
0x00406d5e
0x00406d62
0x00406dc2
0x00406dc5
0x00406dca
0x00406dcb
0x00406dcd
0x00406dcf
0x00406dd2
0x00000000
0x00406dd2
0x00406d64
0x00406d6a
0x00406d6d
0x00406d70
0x00406d73
0x00406d76
0x00406d79
0x00406d7c
0x00406d7f
0x00406d82
0x00406d85
0x00406d9e
0x00406da1
0x00406da4
0x00406da7
0x00406dab
0x00406dad
0x00406dad
0x00406dae
0x00406db1
0x00406d87
0x00406d87
0x00406d8f
0x00406d94
0x00406d96
0x00406d99
0x00406d99
0x00406db4
0x00406dbb
0x00000000
0x00406dbd
0x00000000
0x00406dbd
0x00000000
0x00406a59
0x00406a5c
0x00406a92
0x00406bc2
0x00406bc2
0x00406bc2
0x00406bc2
0x00406bc5
0x00406bc5
0x00406bc8
0x00406bca
0x00406e54
0x00000000
0x00406e54
0x00406bd0
0x00406bd3
0x00000000
0x00000000
0x00406bd9
0x00406bdd
0x00406be0
0x00406be0
0x00406be0
0x00000000
0x00406be0
0x00406a5e
0x00406a60
0x00406a62
0x00406a64
0x00406a67
0x00406a68
0x00406a6a
0x00406a6c
0x00406a6f
0x00406a72
0x00406a88
0x00406a8d
0x00406ac5
0x00406ac5
0x00406ac9
0x00406af5
0x00406af7
0x00406afe
0x00406b01
0x00406b04
0x00406b04
0x00406b09
0x00406b09
0x00406b0b
0x00406b0e
0x00406b15
0x00406b18
0x00406b45
0x00406b45
0x00406b48
0x00406b4b
0x00406bbf
0x00406bbf
0x00406bbf
0x00000000
0x00406bbf
0x00406b4d
0x00406b53
0x00406b56
0x00406b59
0x00406b5c
0x00406b5f
0x00406b62
0x00406b65
0x00406b68
0x00406b6b
0x00406b6e
0x00406b87
0x00406b89
0x00406b8c
0x00406b8d
0x00406b90
0x00406b92
0x00406b95
0x00406b97
0x00406b99
0x00406b9c
0x00406b9e
0x00406ba1
0x00406ba5
0x00406ba7
0x00406ba7
0x00406ba8
0x00406bab
0x00406bae
0x00406b70
0x00406b70
0x00406b78
0x00406b7d
0x00406b7f
0x00406b82
0x00406b82
0x00406bb1
0x00406bb8
0x00406b42
0x00406b42
0x00406b42
0x00406b42
0x00000000
0x00406bba
0x00000000
0x00406bba
0x00406bb8
0x00406acb
0x00406ace
0x00406ad0
0x00406ad3
0x00406ad6
0x00406ad9
0x00406adb
0x00406ade
0x00406ae1
0x00406ae1
0x00406ae4
0x00406ae4
0x00406ae7
0x00406aee
0x00406ac2
0x00406ac2
0x00406ac2
0x00406ac2
0x00000000
0x00406af0
0x00000000
0x00406af0
0x00406aee
0x00406a74
0x00406a77
0x00406a79
0x00406a7c
0x00000000
0x00000000
0x00000000
0x00000000
0x00406966
0x00406966
0x0040696a
0x00406e30
0x00000000
0x00406e30
0x00406970
0x00406973
0x00406976
0x00406979
0x0040697b
0x0040697b
0x0040697b
0x0040697e
0x00406981
0x00406984
0x00406987
0x0040698a
0x0040698d
0x0040698e
0x00406990
0x00406990
0x00406990
0x00406993
0x00406996
0x00406999
0x0040699c
0x0040699c
0x0040699c
0x0040699f
0x00000000
0x00000000
0x00406be3
0x00406be3
0x00406be3
0x00406be7
0x00000000
0x00000000
0x00406bed
0x00406bf0
0x00406bf3
0x00406bf6
0x00406bf8
0x00406bf8
0x00406bf8
0x00406bfb
0x00406bfe
0x00406c01
0x00406c04
0x00406c07
0x00406c0a
0x00406c0b
0x00406c0d
0x00406c0d
0x00406c0d
0x00406c10
0x00406c13
0x00406c16
0x00406c19
0x00406c1c
0x00406c20
0x00406c22
0x00406c25
0x00000000
0x00406c27
0x00000000
0x00406c27
0x00406c25
0x00406e5a
0x00000000
0x00000000
0x00406489

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48b772c591d60bd120ceb21c558333e6da892a782e2c7f4c33aa573d96a0a8bb
Instruction ID: 5cdea38fe39661480990cc8a004f6d9d9bf1a0cca829e9caf547f016d39c1b54
Opcode Fuzzy Hash: 48b772c591d60bd120ceb21c558333e6da892a782e2c7f4c33aa573d96a0a8bb
Instruction Fuzzy Hash: 7BF17475D00229CBDF28CFA8C8946ADBBB1FF44305F25856ED856BB281D7385A86CF44

Uniqueness

Uniqueness Score: -1.00%

Function 0040626D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040626D(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x421558); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x421558;
			}

0x00406278
0x00406281
0x00000000
0x0040628e
0x00406284
0x00000000

APIs

FindFirstFileA.KERNEL32(73BCFA90,00421558,C:\,00405A33,C:\,C:\,00000000,C:\,C:\,73BCFA90,?,C:\Users\user\AppData\Local\Temp\,00405752,?,73BCFA90,C:\Users\user\AppData\Local\Temp\), ref: 00406278
FindClose.KERNEL32(00000000), ref: 00406284

Strings

C:\, xrefs: 0040626D

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: C:\
API String ID: 2295610775-3404278061
Opcode ID: fb61142ecab510d9bb051178c92cda44e9a3fae507c1338c77e1024ce068b834
Instruction ID: 4b5b4fac396428ba6811cbdb79132df6df7f7590a8a38978907140e3512fee8b
Opcode Fuzzy Hash: fb61142ecab510d9bb051178c92cda44e9a3fae507c1338c77e1024ce068b834
Instruction Fuzzy Hash: 9AD012319190246BC3402B387D0C84B7B599B553317128B77F96BF16F0C3389C7286EA

Uniqueness

Uniqueness Score: -1.00%

Function 00403B35, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00403B35(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t68;
				struct HWND__* _t74;
				signed int _t87;
				struct HWND__* _t92;
				signed int _t100;
				int _t104;
				signed int _t116;
				signed int _t117;
				int _t118;
				signed int _t123;
				struct HWND__* _t126;
				struct HWND__* _t127;
				int _t128;
				long _t131;
				int _t133;
				int _t134;
				void* _t135;
				void* _t143;

				_t116 = _a8;
				if(_t116 == 0x110 || _t116 == 0x408) {
					_t35 = _a12;
					_t126 = _a4;
					__eflags = _t116 - 0x110;
					 *0x41fcf0 = _t35;
					if(_t116 == 0x110) {
						 *0x423708 = _t126;
						 *0x41fd04 = GetDlgItem(_t126, 1);
						_t92 = GetDlgItem(_t126, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41ecd0 = _t92;
						E00404009(_t126);
						SetClassLongA(_t126, 0xfffffff2,  *0x422ee8); // executed
						 *0x422ecc = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x41fcf0 = 1;
					}
					_t123 =  *0x4091dc; // 0x3
					_t134 = 0;
					_t131 = (_t123 << 6) +  *0x423740;
					__eflags = _t123;
					if(_t123 < 0) {
						L34:
						E00404055(0x40b);
						while(1) {
							_t37 =  *0x41fcf0; // 0x1
							 *0x4091dc =  *0x4091dc + _t37;
							_t131 = _t131 + (_t37 << 6);
							_t39 =  *0x4091dc; // 0x3
							__eflags = _t39 -  *0x423744;
							if(_t39 ==  *0x423744) {
								E0040140B(1);
							}
							__eflags =  *0x422ecc - _t134; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags =  *0x4091dc -  *0x423744; // 0x3
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t131 + 0x14);
							E00405F8C(_t117, _t126, _t131, 0x42b800,  *((intOrPtr*)(_t131 + 0x24)));
							_push( *((intOrPtr*)(_t131 + 0x20)));
							_push(0xfffffc19);
							E00404009(_t126);
							_push( *((intOrPtr*)(_t131 + 0x1c)));
							_push(0xfffffc1b);
							E00404009(_t126);
							_push( *((intOrPtr*)(_t131 + 0x28)));
							_push(0xfffffc1a);
							E00404009(_t126);
							_t49 = GetDlgItem(_t126, 3);
							__eflags =  *0x4237ac - _t134;
							_v32 = _t49;
							if( *0x4237ac != _t134) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t49, _t117 & 0x00000008); // executed
							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100); // executed
							E0040402B(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x41ecd0, _t118); // executed
							__eflags = _t118 - _t134;
							if(_t118 == _t134) {
								_push(1);
							} else {
								_push(_t134);
							}
							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
							__eflags =  *0x4237ac - _t134;
							if( *0x4237ac == _t134) {
								_push( *0x41fd04);
							} else {
								SendMessageA(_t126, 0x401, 2, _t134);
								_push( *0x41ecd0);
							}
							E0040403E();
							E00405F6A(0x41fd08, E00403B16());
							E00405F8C(0x41fd08, _t126, _t131,  &(0x41fd08[lstrlenA(0x41fd08)]),  *((intOrPtr*)(_t131 + 0x18)));
							SetWindowTextA(_t126, 0x41fd08); // executed
							_push(_t134);
							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
							__eflags = _t68;
							if(_t68 != 0) {
								continue;
							} else {
								__eflags =  *_t131 - _t134;
								if( *_t131 == _t134) {
									continue;
								}
								__eflags =  *(_t131 + 4) - 5;
								if( *(_t131 + 4) != 5) {
									DestroyWindow( *0x422ed8); // executed
									 *0x41f4e0 = _t131;
									__eflags =  *_t131 - _t134;
									if( *_t131 <= _t134) {
										goto L58;
									}
									_t74 = CreateDialogParamA( *0x423700,  *_t131 +  *0x422ee0 & 0x0000ffff, _t126,  *(0x4091e0 +  *(_t131 + 4) * 4), _t131); // executed
									__eflags = _t74 - _t134;
									 *0x422ed8 = _t74;
									if(_t74 == _t134) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t131 + 0x2c)));
									_push(6);
									E00404009(_t74);
									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
									ScreenToClient(_t126, _t135 + 0x10);
									SetWindowPos( *0x422ed8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
									_push(_t134);
									E00401389( *((intOrPtr*)(_t131 + 0xc)));
									__eflags =  *0x422ecc - _t134; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x422ed8, 8); // executed
									E00404055(0x405);
									goto L58;
								}
								__eflags =  *0x4237ac - _t134;
								if( *0x4237ac != _t134) {
									goto L61;
								}
								__eflags =  *0x4237a0 - _t134;
								if( *0x4237a0 != _t134) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x422ed8); // executed
						 *0x423708 = _t134;
						EndDialog(_t126,  *0x41f0d8); // executed
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t131 - _t134;
							if( *_t131 == _t134) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
						__eflags = _t87;
						if(_t87 == 0) {
							goto L33;
						}
						SendMessageA( *0x422ed8, 0x40f, 0, 1);
						__eflags =  *0x422ecc - _t134; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t126 = _a4;
					_t134 = 0;
					if(_t116 == 0x47) {
						SetWindowPos( *0x41fce8, _t126, 0, 0, 0, 0, 0x13);
					}
					if(_t116 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x41fce8,  ~(_a12 - 1) & _t116); // executed
					}
					if(_t116 != 0x40d) {
						__eflags = _t116 - 0x11;
						if(_t116 != 0x11) {
							__eflags = _t116 - 0x111;
							if(_t116 != 0x111) {
								L26:
								return E00404070(_t116, _a12, _a16);
							}
							_t133 = _a12 & 0x0000ffff;
							_t127 = GetDlgItem(_t126, _t133);
							__eflags = _t127 - _t134;
							if(_t127 == _t134) {
								L13:
								__eflags = _t133 - 1;
								if(_t133 != 1) {
									__eflags = _t133 - 3;
									if(_t133 != 3) {
										_t128 = 2;
										__eflags = _t133 - _t128;
										if(_t133 != _t128) {
											L25:
											SendMessageA( *0x422ed8, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x4237ac - _t134;
										if( *0x4237ac == _t134) {
											_t100 = E0040140B(3);
											__eflags = _t100;
											if(_t100 != 0) {
												goto L26;
											}
											 *0x41f0d8 = 1;
											L21:
											_push(0x78);
											L22:
											E00403FE2();
											goto L26;
										}
										E0040140B(_t128);
										 *0x41f0d8 = _t128;
										goto L21;
									}
									__eflags =  *0x4091dc - _t134; // 0x3
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t133);
								goto L22;
							}
							SendMessageA(_t127, 0xf3, _t134, _t134);
							_t104 = IsWindowEnabled(_t127);
							__eflags = _t104;
							if(_t104 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t126, _t134, _t134);
						return 1;
					} else {
						DestroyWindow( *0x422ed8); // executed
						 *0x422ed8 = _a12;
						L58:
						if( *0x420d08 == _t134) {
							_t143 =  *0x422ed8 - _t134; // 0x2045e
							if(_t143 != 0) {
								ShowWindow(_t126, 0xa); // executed
								 *0x420d08 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}

0x00403b3e
0x00403b47
0x00403c88
0x00403c8c
0x00403c90
0x00403c92
0x00403c97
0x00403ca2
0x00403cad
0x00403cb2
0x00403cb4
0x00403cb6
0x00403cb9
0x00403cbe
0x00403ccc
0x00403cd9
0x00403ce0
0x00403ce0
0x00403ce1
0x00403ce1
0x00403ce6
0x00403cec
0x00403cf3
0x00403cf9
0x00403cfb
0x00403d3b
0x00403d40
0x00403d45
0x00403d45
0x00403d4a
0x00403d53
0x00403d55
0x00403d5a
0x00403d60
0x00403d64
0x00403d64
0x00403d69
0x00403d6f
0x00000000
0x00000000
0x00403d7a
0x00403d80
0x00000000
0x00000000
0x00403d89
0x00403d91
0x00403d96
0x00403d99
0x00403d9f
0x00403da4
0x00403da7
0x00403dad
0x00403db2
0x00403db5
0x00403dbb
0x00403dc3
0x00403dc9
0x00403dcf
0x00403dd3
0x00403dda
0x00403dda
0x00403dda
0x00403de4
0x00403df6
0x00403e02
0x00403e07
0x00403e11
0x00403e17
0x00403e19
0x00403e1e
0x00403e1b
0x00403e1b
0x00403e1b
0x00403e2e
0x00403e46
0x00403e48
0x00403e4e
0x00403e63
0x00403e50
0x00403e59
0x00403e5b
0x00403e5b
0x00403e69
0x00403e7a
0x00403e8b
0x00403e92
0x00403e98
0x00403e9c
0x00403ea1
0x00403ea3
0x00000000
0x00403ea9
0x00403ea9
0x00403eab
0x00000000
0x00000000
0x00403eb1
0x00403eb5
0x00403eda
0x00403ee0
0x00403ee6
0x00403ee8
0x00000000
0x00000000
0x00403f0e
0x00403f14
0x00403f16
0x00403f1b
0x00000000
0x00000000
0x00403f21
0x00403f24
0x00403f27
0x00403f3e
0x00403f4a
0x00403f63
0x00403f69
0x00403f6d
0x00403f72
0x00403f78
0x00000000
0x00000000
0x00403f82
0x00403f8d
0x00000000
0x00403f8d
0x00403eb7
0x00403ebd
0x00000000
0x00000000
0x00403ec3
0x00403ec9
0x00000000
0x00000000
0x00000000
0x00403ecf
0x00403ea3
0x00403f9a
0x00403fa6
0x00403fad
0x00000000
0x00403cfd
0x00403cfd
0x00403d00
0x00403d33
0x00403d33
0x00403d35
0x00000000
0x00000000
0x00000000
0x00403d35
0x00403d02
0x00403d06
0x00403d0b
0x00403d0d
0x00000000
0x00000000
0x00403d1d
0x00403d25
0x00000000
0x00403d2b
0x00403b59
0x00403b59
0x00403b5d
0x00403b62
0x00403b71
0x00403b71
0x00403b7a
0x00403b83
0x00403b8e
0x00403b8e
0x00403b9a
0x00403bb6
0x00403bb9
0x00403bcc
0x00403bd2
0x00403c75
0x00000000
0x00403c7e
0x00403bd8
0x00403be5
0x00403be7
0x00403be9
0x00403c08
0x00403c08
0x00403c0b
0x00403c10
0x00403c13
0x00403c23
0x00403c24
0x00403c26
0x00403c5c
0x00403c6f
0x00000000
0x00403c6f
0x00403c28
0x00403c2e
0x00403c47
0x00403c4c
0x00403c4e
0x00000000
0x00000000
0x00403c50
0x00403c3c
0x00403c3c
0x00403c3e
0x00403c3e
0x00000000
0x00403c3e
0x00403c31
0x00403c36
0x00000000
0x00403c36
0x00403c15
0x00403c1b
0x00000000
0x00000000
0x00403c1d
0x00000000
0x00403c1d
0x00403c0d
0x00000000
0x00403c0d
0x00403bf3
0x00403bfa
0x00403c00
0x00403c02
0x00000000
0x00000000
0x00000000
0x00403c02
0x00403bbe
0x00000000
0x00403b9c
0x00403ba2
0x00403bac
0x00403fb3
0x00403fb9
0x00403fbb
0x00403fc1
0x00403fc6
0x00403fcc
0x00403fcc
0x00403fc1
0x00403fd6
0x00000000
0x00403fd6
0x00403b9a

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B71
ShowWindow.USER32(?), ref: 00403B8E
DestroyWindow.USER32 ref: 00403BA2
SetWindowLongA.USER32 ref: 00403BBE
GetDlgItem.USER32 ref: 00403BDF
SendMessageA.USER32 ref: 00403BF3
IsWindowEnabled.USER32(00000000), ref: 00403BFA
GetDlgItem.USER32 ref: 00403CA8
GetDlgItem.USER32 ref: 00403CB2
KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403CCC
SendMessageA.USER32 ref: 00403D1D
GetDlgItem.USER32 ref: 00403DC3
ShowWindow.USER32(00000000,?), ref: 00403DE4
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403DF6
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403E11
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403E27
EnableMenuItem.USER32 ref: 00403E2E
SendMessageA.USER32 ref: 00403E46
SendMessageA.USER32 ref: 00403E59
lstrlenA.KERNEL32(Wave Browser Setup: Completed,?,Wave Browser Setup: Completed,00000000), ref: 00403E83
SetWindowTextA.USER32(?,Wave Browser Setup: Completed), ref: 00403E92
ShowWindow.USER32(?,0000000A), ref: 00403FC6

Strings

Wave Browser Setup: Completed, xrefs: 00403E73, 00403E79, 00403E82, 00403E90

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Window$Item$MessageSend$CallbackDispatcherShowUser$Menu$DestroyEnableEnabledLongSystemTextlstrlen
String ID: Wave Browser Setup: Completed
API String ID: 2523155381-3190555741
Opcode ID: 05387db83c01577c3a6776a36a7a5abe3735367355a95d1901617aca2af9034d
Instruction ID: ece9219a4d70184b68c45d6c06b8272552e5c94251c83fd0e936414de4f8c744
Opcode Fuzzy Hash: 05387db83c01577c3a6776a36a7a5abe3735367355a95d1901617aca2af9034d
Instruction Fuzzy Hash: 7AC1C0B1A04205BBDB206F61EE48E2B3E7DFB45706F40453EF601B11E1C779A9429B6E

Uniqueness

Uniqueness Score: -1.00%

Function 00403798, Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 96%

			E00403798(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t17;
				void* _t25;
				void* _t27;
				int _t28;
				void* _t31;
				int _t34;
				int _t35;
				intOrPtr _t36;
				int _t39;
				char _t57;
				CHAR* _t59;
				signed char _t63;
				CHAR* _t74;
				intOrPtr _t76;
				CHAR* _t81;

				_t76 =  *0x423714;
				_t17 = E00406302(2);
				_t84 = _t17;
				if(_t17 == 0) {
					_t74 = 0x41fd08;
					"1033" = 0x30;
					 *0x42a001 = 0x78;
					 *0x42a002 = 0;
					E00405E51(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x41fd08, 0);
					__eflags =  *0x41fd08; // 0x57
					if(__eflags == 0) {
						E00405E51(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407362, 0x41fd08, 0);
					}
					lstrcatA("1033", _t74);
				} else {
					E00405EC8("1033",  *_t17() & 0x0000ffff);
				}
				E00403A5D(_t71, _t84);
				_t80 = "C:\\Users\\jones\\Wavesor Software\\WaveBrowser";
				 *0x4237a0 =  *0x42371c & 0x00000020;
				 *0x4237bc = 0x10000;
				if(E004059F0(_t84, "C:\\Users\\jones\\Wavesor Software\\WaveBrowser") != 0) {
					L16:
					if(E004059F0(_t92, _t80) == 0) {
						E00405F8C(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118)));
					}
					_t25 = LoadImageA( *0x423700, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x422ee8 = _t25;
					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t27 = E00403A5D(_t71, __eflags);
							__eflags =  *0x4237c0;
							if( *0x4237c0 != 0) {
								_t28 = E00405163(_t27, 0);
								__eflags = _t28;
								if(_t28 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x422ecc; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x41fce8, 5); // executed
							_t34 = E00406294("RichEd20"); // executed
							__eflags = _t34;
							if(_t34 == 0) {
								E00406294("RichEd32");
							}
							_t81 = "RichEdit20A";
							_t35 = GetClassInfoA(0, _t81, 0x422ea0);
							__eflags = _t35;
							if(_t35 == 0) {
								GetClassInfoA(0, "RichEdit", 0x422ea0);
								 *0x422ec4 = _t81;
								RegisterClassA(0x422ea0);
							}
							_t36 =  *0x422ee0; // 0x0
							_t39 = DialogBoxParamA( *0x423700, _t36 + 0x00000069 & 0x0000ffff, 0, E00403B35, 0); // executed
							E004036E8(E0040140B(5), 1);
							return _t39;
						}
						L22:
						_t31 = 2;
						return _t31;
					} else {
						_t71 =  *0x423700;
						 *0x422ea4 = E00401000;
						 *0x422eb0 =  *0x423700;
						 *0x422eb4 = _t25;
						 *0x422ec4 = 0x4091f4;
						if(RegisterClassA(0x422ea0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoA(0x30, 0,  &_v16, 0);
						 *0x41fce8 = CreateWindowExA(0x80, 0x4091f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423700, 0);
						goto L21;
					}
				} else {
					_t71 =  *(_t76 + 0x48);
					_t86 = _t71;
					if(_t71 == 0) {
						goto L16;
					}
					_t74 = 0x4226a0;
					E00405E51(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x423758, 0x4226a0, 0);
					_t57 =  *0x4226a0; // 0x0
					if(_t57 == 0) {
						goto L16;
					}
					if(_t57 == 0x22) {
						_t74 = 0x4226a1;
						 *((char*)(E0040592D(0x4226a1, 0x22))) = 0;
					}
					_t59 = lstrlenA(_t74) + _t74 - 4;
					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
						L15:
						E00405F6A(_t80, E00405902(_t74));
						goto L16;
					} else {
						_t63 = GetFileAttributesA(_t74);
						if(_t63 == 0xffffffff) {
							L14:
							E00405949(_t74);
							goto L15;
						}
						_t92 = _t63 & 0x00000010;
						if((_t63 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

0x0040379e
0x004037a7
0x004037ae
0x004037b0
0x004037c4
0x004037d6
0x004037dd
0x004037e4
0x004037ea
0x004037ef
0x004037f5
0x00403808
0x00403808
0x00403813
0x004037b2
0x004037bd
0x004037bd
0x00403818
0x00403822
0x0040382b
0x00403830
0x00403841
0x004038c8
0x004038d0
0x004038d9
0x004038d9
0x004038ef
0x004038f5
0x00403903
0x00403984
0x0040398c
0x00403996
0x0040399b
0x004039a1
0x00403a2b
0x00403a30
0x00403a32
0x00403a4e
0x00000000
0x00403a4e
0x00403a34
0x00403a3a
0x00403a42
0x00403a42
0x00000000
0x00403a3a
0x004039af
0x004039ba
0x004039bf
0x004039c1
0x004039c8
0x004039c8
0x004039d3
0x004039db
0x004039dd
0x004039df
0x004039e8
0x004039eb
0x004039f1
0x004039f1
0x004039f7
0x00403a10
0x00403a21
0x00000000
0x00403a26
0x0040398e
0x00403990
0x00000000
0x00403905
0x00403905
0x00403911
0x0040391b
0x00403921
0x00403926
0x00403935
0x00403a53
0x00403a53
0x00000000
0x00403a53
0x00403944
0x0040397f
0x00000000
0x0040397f
0x00403847
0x00403847
0x0040384a
0x0040384c
0x00000000
0x00000000
0x00403856
0x00403866
0x0040386b
0x00403872
0x00000000
0x00000000
0x00403876
0x00403878
0x00403885
0x00403885
0x0040388d
0x00403893
0x004038bb
0x004038c3
0x00000000
0x004038a5
0x004038a6
0x004038af
0x004038b5
0x004038b6
0x00000000
0x004038b6
0x004038b1
0x004038b3
0x00000000
0x00000000
0x00000000
0x004038b3
0x00403893

APIs

Part of subcall function 00406302: GetModuleHandleA.KERNEL32(?,?,?,00403249,0000000A), ref: 00406314
Part of subcall function 00406302: GetProcAddress.KERNEL32(00000000,?), ref: 0040632F

lstrcatA.KERNEL32(1033,Wave Browser Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wave Browser Setup: Completed,00000000,00000002,73BCFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" ,00000000), ref: 00403813
lstrlenA.KERNEL32(004226A0,?,?,?,004226A0,00000000,C:\Users\user\Wavesor Software\WaveBrowser,1033,Wave Browser Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wave Browser Setup: Completed,00000000,00000002,73BCFA90), ref: 00403888
lstrcmpiA.KERNEL32(?,.exe,004226A0,?,?,?,004226A0,00000000,C:\Users\user\Wavesor Software\WaveBrowser,1033,Wave Browser Setup: Completed,80000001,Control Panel\Desktop\ResourceLocale,00000000,Wave Browser Setup: Completed,00000000), ref: 0040389B
GetFileAttributesA.KERNEL32(004226A0), ref: 004038A6
LoadImageA.USER32 ref: 004038EF

Part of subcall function 00405EC8: wsprintfA.USER32 ref: 00405ED5

RegisterClassA.USER32 ref: 0040392C
SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403944
CreateWindowExA.USER32 ref: 00403979
ShowWindow.USER32(00000005,00000000), ref: 004039AF
GetClassInfoA.USER32 ref: 004039DB
GetClassInfoA.USER32 ref: 004039E8
RegisterClassA.USER32 ref: 004039F1
DialogBoxParamA.USER32 ref: 00403A10

Strings

RichEd32, xrefs: 004039C3
RichEdit20A, xrefs: 004039D3, 004039D9
.exe, xrefs: 00403895
Control Panel\Desktop\ResourceLocale, xrefs: 004037CC
Wave Browser Setup: Completed, xrefs: 004037C4, 004037CA, 004037EF, 004037F8, 0040380D
C:\Users\user\Wavesor Software\WaveBrowser, xrefs: 00403822, 0040382A, 004038C2, 004038C8, 004038D8
.DEFAULT\Control Panel\International, xrefs: 004037FE
"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" , xrefs: 0040379C
RichEdit, xrefs: 004039E2
1033, xrefs: 004037B8, 0040380E
C:\Users\user\AppData\Local\Temp\, xrefs: 0040379D
_Nb, xrefs: 0040390B, 00403973
Completed, xrefs: 00403878, 0040387F, 00403887, 004038A5
RichEd20, xrefs: 004039B5

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: Completed$"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Wavesor Software\WaveBrowser$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$Wave Browser Setup: Completed$_Nb
API String ID: 1975747703-3417280776
Opcode ID: dface4e9632d23add9968eb1af687a71e183a8757a236420549c2432d96a325f
Instruction ID: adaaead87af2f4bee353d1c72736fa47975a157a90096c49b539272413637961
Opcode Fuzzy Hash: dface4e9632d23add9968eb1af687a71e183a8757a236420549c2432d96a325f
Instruction Fuzzy Hash: 1961D7B1744200BED720BF619D45F3B3AACEB4475AF40447EF941B22E1C67C9D069A2E

Uniqueness

Uniqueness Score: -1.00%

Function 00402D63, Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 80%

			E00402D63(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\jones\\Desktop\\Wave Browser_cg5vc6cx_.exe";
				 *0x423710 = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\Wave Browser_cg5vc6cx_.exe", 0x400);
				_t89 = E00405B03(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x409018 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\jones\\Desktop";
				E00405F6A("C:\\Users\\jones\\Desktop", _t91);
				E00405F6A(0x42b000, E00405949(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x4168c4 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402CFF(1);
					__eflags =  *0x423718 - _t82;
					if( *0x423718 == _t82) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						E0040318E( *0x423718 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402F9C(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x423714 = _t94;
							 *0x42371c =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x423720 =  *0x423720 + 1;
								__eflags =  *0x423720;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405ABE(0x423740, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E0040318E( *0x40a8b8);
					_t65 = E00403178( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x423718) & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E00403178(0x4168c8, _t90);
						__eflags = _t71;
						if(_t71 == 0) {
							E00402CFF(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423718;
						if( *0x423718 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402CFF(0);
							}
							goto L20;
						}
						E00405ABE( &_v44, 0x4168c8, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x40a8b8; // 0xd600
						 *0x4237c0 =  *0x4237c0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x423718 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t24 = _t80 - 4; // 0x409194
							_t93 = _t24;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x4168c4; // 0x3d51c68
						if(__eflags < 0) {
							_v12 = E004063B9(_v12, 0x4168c8, _t90);
						}
						 *0x40a8b8 =  *0x40a8b8 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}

0x00402d6b
0x00402d6e
0x00402d71
0x00402d74
0x00402d7a
0x00402d8b
0x00402d90
0x00402da3
0x00402da8
0x00402dab
0x00402db1
0x00000000
0x00402db3
0x00402dbe
0x00402dc4
0x00402dd5
0x00402ddc
0x00402de2
0x00402de4
0x00402de9
0x00402deb
0x00402ed8
0x00402eda
0x00402edf
0x00402ee6
0x00000000
0x00000000
0x00402ee8
0x00402eeb
0x00402f0f
0x00402f14
0x00402f1a
0x00402f25
0x00402f2a
0x00402f2d
0x00402f2e
0x00402f2f
0x00402f31
0x00402f36
0x00402f39
0x00402f4c
0x00402f50
0x00402f58
0x00402f5d
0x00402f5f
0x00402f5f
0x00402f5f
0x00402f67
0x00402f67
0x00402f6a
0x00402f6b
0x00402f6b
0x00402f6e
0x00402f70
0x00402f70
0x00402f70
0x00402f7a
0x00402f80
0x00402f8e
0x00402f93
0x00000000
0x00402f93
0x00000000
0x00402f39
0x00402ef3
0x00402efe
0x00402f03
0x00402f05
0x00000000
0x00000000
0x00402f0a
0x00402f0d
0x00000000
0x00000000
0x00000000
0x00402df1
0x00402df6
0x00402dfb
0x00402dff
0x00402e06
0x00402e0b
0x00402e0d
0x00402e0f
0x00402e0f
0x00402e13
0x00402e18
0x00402e1a
0x00402f44
0x00402f3b
0x00000000
0x00402f3b
0x00402e20
0x00402e27
0x00402ea3
0x00402ea7
0x00402eab
0x00402eb0
0x00000000
0x00402ea7
0x00402e30
0x00402e35
0x00402e38
0x00402e3d
0x00000000
0x00000000
0x00402e3f
0x00402e46
0x00000000
0x00000000
0x00402e48
0x00402e4f
0x00000000
0x00000000
0x00402e51
0x00402e58
0x00000000
0x00000000
0x00402e5a
0x00402e61
0x00000000
0x00000000
0x00402e63
0x00402e69
0x00402e72
0x00402e78
0x00402e7b
0x00402e7d
0x00402e83
0x00000000
0x00000000
0x00402e89
0x00402e8d
0x00402e95
0x00402e95
0x00402e98
0x00402e98
0x00402e9b
0x00402e9d
0x00402e9f
0x00402e9f
0x00000000
0x00402e9d
0x00402e8f
0x00402e93
0x00000000
0x00000000
0x00000000
0x00402eb1
0x00402eb1
0x00402eb7
0x00402ec3
0x00402ec3
0x00402ec6
0x00402ecc
0x00402ece
0x00402ece
0x00402ed6
0x00402ed6
0x00000000
0x00402ed6

APIs

GetTickCount.KERNEL32 ref: 00402D74
GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe,00000400), ref: 00402D90

Part of subcall function 00405B03: GetFileAttributesA.KERNEL32(00000003,00402DA3,C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe,80000000,00000003), ref: 00405B07
Part of subcall function 00405B03: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B29

GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe,C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe,80000000,00000003), ref: 00402DDC

Strings

Inst, xrefs: 00402E48
"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" , xrefs: 00402D63
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402F3B
C:\Users\user\AppData\Local\Temp\, xrefs: 00402D6A
C:\Users\user\Desktop, xrefs: 00402DBE, 00402DC3, 00402DC9
soft, xrefs: 00402E51
C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe, xrefs: 00402D7A, 00402D89, 00402D9D, 00402DBD
Null, xrefs: 00402E5A
Error launching installer, xrefs: 00402DB3

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: File$AttributesCountCreateModuleNameSizeTick
String ID: "C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
API String ID: 4283519449-1290771569
Opcode ID: 1397dd72d6c115af7393f493c685ca3f8ebbcff4dac0a2af7d9ad0e79a19b9bb
Instruction ID: 2e32d7aad0b4ca297083aa7498b96cb894cc3d31802a5233eda7db803f364c93
Opcode Fuzzy Hash: 1397dd72d6c115af7393f493c685ca3f8ebbcff4dac0a2af7d9ad0e79a19b9bb
Instruction Fuzzy Hash: CB51D6B1900215ABDB219F65DE89B9F7AB8EB04365F10403BF904B62D1C7BC9E418B9D

Uniqueness

Uniqueness Score: -1.00%

Function 00405F8C, Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 199
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 72%

			E00405F8C(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				struct _ITEMIDLIST* _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t38;
				CHAR* _t39;
				signed int _t41;
				char _t52;
				char _t53;
				char _t55;
				char _t57;
				void* _t65;
				char* _t66;
				signed int _t80;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				CHAR* _t90;
				void* _t92;
				signed int _t97;
				signed int _t99;
				void* _t100;

				_t92 = __esi;
				_t89 = __edi;
				_t65 = __ebx;
				_t38 = _a8;
				if(_t38 < 0) {
					_t86 =  *0x422edc; // 0x765a43
					_t38 =  *(_t86 - 4 + _t38 * 4);
				}
				_push(_t65);
				_push(_t92);
				_push(_t89);
				_t66 = _t38 +  *0x423758;
				_t39 = 0x4226a0;
				_t90 = 0x4226a0;
				if(_a4 >= 0x4226a0 && _a4 - 0x4226a0 < 0x800) {
					_t90 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t88 =  *_t66;
					if(_t88 == 0) {
						break;
					}
					__eflags = _t90 - _t39 - 0x400;
					if(_t90 - _t39 >= 0x400) {
						break;
					}
					_t66 = _t66 + 1;
					__eflags = _t88 - 4;
					_a8 = _t66;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t90 = _t88;
							_t90 =  &(_t90[1]);
							__eflags = _t90;
						} else {
							 *_t90 =  *_t66;
							_t90 =  &(_t90[1]);
							_t66 = _t66 + 1;
						}
						continue;
					}
					_t41 =  *((char*)(_t66 + 1));
					_t80 =  *_t66;
					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
					_v24 = _t80;
					_v28 = _t80 | 0x00000080;
					_v16 = _t41;
					_v20 = _t41 | 0x00000080;
					_t66 = _a8 + 2;
					__eflags = _t88 - 2;
					if(_t88 != 2) {
						__eflags = _t88 - 3;
						if(_t88 != 3) {
							__eflags = _t88 - 1;
							if(_t88 == 1) {
								__eflags = (_t41 | 0xffffffff) - _t97;
								E00405F8C(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
							}
							L42:
							_t90 =  &(_t90[lstrlenA(_t90)]);
							_t39 = 0x4226a0;
							continue;
						}
						__eflags = _t97 - 0x1d;
						if(_t97 != 0x1d) {
							__eflags = "1572996" + (_t97 << 0xa);
							E00405F6A(_t90, "1572996" + (_t97 << 0xa));
						} else {
							E00405EC8(_t90,  *0x423708);
						}
						__eflags = _t97 + 0xffffffeb - 7;
						if(_t97 + 0xffffffeb < 7) {
							L33:
							E004061D4(_t90);
						}
						goto L42;
					}
					_t52 =  *0x42370c;
					__eflags = _t52;
					_t99 = 2;
					if(_t52 >= 0) {
						L13:
						_a8 = 1;
						L14:
						__eflags =  *0x4237a4;
						if( *0x4237a4 != 0) {
							_t99 = 4;
						}
						__eflags = _t80;
						if(__eflags >= 0) {
							__eflags = _t80 - 0x25;
							if(_t80 != 0x25) {
								__eflags = _t80 - 0x24;
								if(_t80 == 0x24) {
									GetWindowsDirectoryA(_t90, 0x400);
									_t99 = 0;
								}
								while(1) {
									__eflags = _t99;
									if(_t99 == 0) {
										goto L30;
									}
									_t53 =  *0x423704;
									_t99 = _t99 - 1;
									__eflags = _t53;
									if(_t53 == 0) {
										L26:
										_t55 = SHGetSpecialFolderLocation( *0x423708,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
										__eflags = _t55;
										if(_t55 != 0) {
											L28:
											 *_t90 =  *_t90 & 0x00000000;
											__eflags =  *_t90;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v8, _t90);
										_v12 = _t55;
										__imp__CoTaskMemFree(_v8);
										__eflags = _v12;
										if(_v12 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _a8;
									if(_a8 == 0) {
										goto L26;
									}
									_t57 =  *_t53( *0x423708,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90); // executed
									__eflags = _t57;
									if(_t57 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryA(_t90, 0x400);
							goto L30;
						} else {
							E00405E51((_t80 & 0x0000003f) +  *0x423758, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x423758, _t90, _t80 & 0x00000040);
							__eflags =  *_t90;
							if( *_t90 != 0) {
								L31:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L33;
							}
							E00405F8C(_t66, _t90, _t99, _t90, _v16);
							L30:
							__eflags =  *_t90;
							if( *_t90 == 0) {
								goto L33;
							}
							goto L31;
						}
					}
					__eflags = _t52 - 0x5a04;
					if(_t52 == 0x5a04) {
						goto L13;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L13;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L13;
					} else {
						_a8 = _a8 & 0x00000000;
						goto L14;
					}
				}
				 *_t90 =  *_t90 & 0x00000000;
				if(_a4 == 0) {
					return _t39;
				}
				return E00405F6A(_a4, _t39);
			}

0x00405f8c
0x00405f8c
0x00405f8c
0x00405f92
0x00405f97
0x00405f99
0x00405fa8
0x00405fa8
0x00405fb0
0x00405fb1
0x00405fb2
0x00405fb3
0x00405fb6
0x00405fbe
0x00405fc0
0x00405fd7
0x00405fda
0x00405fda
0x004061b1
0x004061b1
0x004061b5
0x00000000
0x00000000
0x00405fe7
0x00405fed
0x00000000
0x00000000
0x00405ff3
0x00405ff4
0x00405ff7
0x00405ffa
0x004061a4
0x004061ae
0x004061b0
0x004061b0
0x004061a6
0x004061a8
0x004061aa
0x004061ab
0x004061ab
0x00000000
0x004061a4
0x00406000
0x00406004
0x00406014
0x0040601b
0x0040601e
0x00406026
0x00406029
0x00406030
0x00406031
0x00406034
0x00406151
0x00406154
0x00406184
0x00406187
0x0040618c
0x00406190
0x00406190
0x00406195
0x0040619b
0x0040619d
0x00000000
0x0040619d
0x00406156
0x00406159
0x0040616e
0x00406175
0x0040615b
0x00406162
0x00406162
0x0040617d
0x00406180
0x00406149
0x0040614a
0x0040614a
0x00000000
0x00406180
0x0040603a
0x00406041
0x00406043
0x00406044
0x0040605e
0x0040605e
0x00406065
0x00406065
0x0040606c
0x00406070
0x00406070
0x00406071
0x00406073
0x004060ac
0x004060af
0x004060bf
0x004060c2
0x004060ca
0x004060d0
0x004060d0
0x0040612f
0x0040612f
0x00406131
0x00000000
0x00000000
0x004060d4
0x004060db
0x004060dc
0x004060de
0x004060f8
0x00406106
0x0040610c
0x0040610e
0x0040612c
0x0040612c
0x0040612c
0x00000000
0x0040612c
0x00406114
0x0040611d
0x00406120
0x00406126
0x0040612a
0x00000000
0x00000000
0x00000000
0x0040612a
0x004060e0
0x004060e3
0x00000000
0x00000000
0x004060f2
0x004060f4
0x004060f6
0x00000000
0x00000000
0x00000000
0x004060f6
0x00000000
0x0040612f
0x004060b7
0x00000000
0x00406075
0x00406090
0x00406095
0x00406098
0x00406138
0x00406138
0x0040613c
0x00406144
0x00406144
0x00000000
0x0040613c
0x004060a2
0x00406133
0x00406133
0x00406136
0x00000000
0x00000000
0x00000000
0x00406136
0x00406073
0x00406046
0x0040604a
0x00000000
0x00000000
0x0040604c
0x00406050
0x00000000
0x00000000
0x00406052
0x00406056
0x00000000
0x00406058
0x00406058
0x00000000
0x00406058
0x00406056
0x004061bb
0x004061c5
0x004061d1
0x004061d1
0x00000000

APIs

GetSystemDirectoryA.KERNEL32(004226A0,00000400), ref: 004060B7
GetWindowsDirectoryA.KERNEL32(004226A0,00000400,?,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,004050C9,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000), ref: 004060CA
SHGetSpecialFolderLocation.SHELL32(004050C9,00000000,?,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,004050C9,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000), ref: 00406106
SHGetPathFromIDListA.SHELL32(00000000,004226A0), ref: 00406114
CoTaskMemFree.OLE32(00000000), ref: 00406120
lstrcatA.KERNEL32(004226A0,\Microsoft\Internet Explorer\Quick Launch), ref: 00406144
lstrlenA.KERNEL32(004226A0,?,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,004050C9,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,00000000,0040E8C0,00000000), ref: 00406196

Strings

C:\Users\user\AppData\Local\Temp\nseBA51.tmp\, xrefs: 00405FB1
1572996, xrefs: 0040616E
\Microsoft\Internet Explorer\Quick Launch, xrefs: 0040613E
CZv, xrefs: 00405F99
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406086

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
String ID: 1572996$C:\Users\user\AppData\Local\Temp\nseBA51.tmp\$CZv$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 717251189-908492220
Opcode ID: fdc6a5aa1746c55117902e6833992edfdaf1df66eec9c6c9a1b750bd381f8059
Instruction ID: bb9011323e63b572c88625bc05a244510e37b0ede85a9af68ccf729595c90084
Opcode Fuzzy Hash: fdc6a5aa1746c55117902e6833992edfdaf1df66eec9c6c9a1b750bd381f8059
Instruction Fuzzy Hash: F661F171A00111AEDF219F24CC95BBA3BA5DB45301F16813BE943BA2D2C27C49A2CB5E

Uniqueness

Uniqueness Score: -1.00%

Function 00401759, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 60%

			E00401759(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402ACB(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E0040596F(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405902(E00405F6A(0x4093e8, "C:\\Users\\jones\\AppData\\Local\\Temp\\nseBA51.tmp")), ??);
				} else {
					_push(0x4093e8);
					E00405F6A();
				}
				E004061D4(0x4093e8);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E0040626D(0x4093e8);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405ADE(0x4093e8);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E00405B03(0x4093e8, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0xc) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00405091(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x4237a8 =  *0x4237a8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x4237a8;
						goto L32;
					} else {
						E00405F6A(0x409be8, "1572996");
						E00405F6A("1572996", 0x4093e8);
						E00405F8C(_t75, 0x409be8, 0x4093e8, "wavebrowser.packed.7z",  *((intOrPtr*)(_t85 - 0x14)));
						E00405F6A("1572996", 0x409be8);
						_t62 = E00405686("wavebrowser.packed.7z",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x4237a8 =  &( *0x4237a8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x4093e8);
								_push(0xfffffffa);
								E00405091();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00405091(0xffffffea,  *(_t85 - 8)); // executed
				 *0x4237d4 =  *0x4237d4 + 1;
				_push(_t75);
				_push(_t75);
				_push( *(_t85 - 0xc));
				_push( *((intOrPtr*)(_t85 - 0x20)));
				_t43 = E00402F9C(); // executed
				 *0x4237d4 =  *0x4237d4 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405F8C(_t75, _t80, 0x4093e8, 0x4093e8, 0xffffffee);
					} else {
						E00405F8C(_t75, _t80, 0x4093e8, 0x4093e8, 0xffffffe9);
						lstrcatA(0x4093e8,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x4093e8);
					E00405686();
					goto L29;
				}
				goto L33;
			}

0x00401759
0x00401760
0x00401769
0x0040176c
0x0040176f
0x00401774
0x0040177c
0x00401798
0x0040177e
0x0040177e
0x0040177f
0x0040177f
0x0040179e
0x004017a8
0x004017a8
0x004017ac
0x004017af
0x004017b4
0x004017b6
0x004017b8
0x004017bd
0x004017bd
0x004017c8
0x004017c8
0x004017d9
0x004017db
0x004017db
0x004017dc
0x004017dc
0x004017df
0x004017e2
0x004017e5
0x004017e5
0x004017ec
0x004017fb
0x00401800
0x00401803
0x00401806
0x00000000
0x00000000
0x00401808
0x0040180b
0x00401865
0x0040186a
0x004015b0
0x0040271c
0x0040271c
0x00402957
0x0040295a
0x0040295a
0x00000000
0x0040180d
0x00401813
0x0040181e
0x0040182b
0x00401836
0x0040184c
0x0040184c
0x0040184f
0x00000000
0x00401855
0x00401855
0x00401856
0x00401873
0x00402960
0x00402960
0x00402960
0x00401858
0x00401858
0x00401859
0x00401492
0x004022e7
0x004022e7
0x004022e7
0x00401856
0x0040184f
0x00402962
0x00402966
0x00402966
0x00401883
0x00401888
0x0040188e
0x0040188f
0x00401890
0x00401893
0x00401896
0x0040189b
0x004018a1
0x004018a5
0x004018a7
0x004018af
0x004018bb
0x004018a9
0x004018a9
0x004018ad
0x00000000
0x00000000
0x004018ad
0x004018c4
0x004018ca
0x004018cc
0x00000000
0x004018d2
0x004018d2
0x004018d5
0x004018ed
0x004018d7
0x004018da
0x004018e3
0x004018e3
0x004018f2
0x004018f7
0x004022e2
0x00000000
0x004022e2
0x00000000

APIs

lstrcatA.KERNEL32(00000000,00000000,"C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z" --do-not-register-for-update-launch --make-chrome-default,C:\Users\user\AppData\Local\Temp\nseBA51.tmp,00000000,00000000,00000031), ref: 00401798
CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z" --do-not-register-for-update-launch --make-chrome-default,"C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z" --do-not-register-for-update-launch --make-chrome-default,00000000,00000000,"C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z" --do-not-register-for-update-launch --make-chrome-default,C:\Users\user\AppData\Local\Temp\nseBA51.tmp,00000000,00000000,00000031), ref: 004017C2

Part of subcall function 00405F6A: lstrcpynA.KERNEL32(?,?,00000400,004032A8,00422F00,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F77

Part of subcall function 00405091: lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030CC,00000000,?), ref: 004050CA
Part of subcall function 00405091: lstrlenA.KERNEL32(004030CC,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030CC,00000000), ref: 004050DA
Part of subcall function 00405091: lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,004030CC,004030CC,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,0040E8C0,00000000), ref: 004050ED
Part of subcall function 00405091: SetWindowTextA.USER32(C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\), ref: 004050FF
Part of subcall function 00405091: SendMessageA.USER32 ref: 00405125
Part of subcall function 00405091: SendMessageA.USER32 ref: 0040513F
Part of subcall function 00405091: SendMessageA.USER32 ref: 0040514D

Strings

"C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z" --do-not-register-for-update-launch --make-chrome-default, xrefs: 00401775, 0040178B, 0040179D, 004017AE, 004017E4, 004017FA, 00401818, 00401858, 004018D9, 004018E2, 004018EC, 004018F7
wavebrowser.packed.7z, xrefs: 00401826, 00401842
1572996, xrefs: 0040180D, 00401819, 00401831
C:\Users\user\AppData\Local\Temp\nseBA51.tmp, xrefs: 00401786

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: "C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z" --do-not-register-for-update-launch --make-chrome-default$1572996$C:\Users\user\AppData\Local\Temp\nseBA51.tmp$wavebrowser.packed.7z
API String ID: 1941528284-4088553199
Opcode ID: e05100f54101f6d3c895e7db8c6c988e4dd7c25176b0aabcd4c2f6528f85e43f
Instruction ID: ccd8e90e53bd547ce555faf0a88c0b4db7f619f01c1663a473e2e99c851a8e73
Opcode Fuzzy Hash: e05100f54101f6d3c895e7db8c6c988e4dd7c25176b0aabcd4c2f6528f85e43f
Instruction Fuzzy Hash: D841A571A04516BECF107BB5CC45DAF76A8EF45369B20823BF521F20E1C77C8A418A6D

Uniqueness

Uniqueness Score: -1.00%

Function 00405091, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00405091(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x422ee4; // 0x20472
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x4237d4;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405F8C(0, _t39, 0x41f4e8, 0x41f4e8, _a4);
					}
					_t26 = lstrlenA(0x41f4e8);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x422ec8, 0x41f4e8); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41f4e8;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41f4e8)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41f4e8, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

0x00405097
0x004050a3
0x004050a6
0x004050ac
0x004050b8
0x004050bb
0x004050be
0x004050c4
0x004050c4
0x004050ca
0x004050d2
0x004050d5
0x004050f2
0x004050f6
0x004050ff
0x004050ff
0x00405109
0x00405112
0x0040511e
0x00405125
0x00405129
0x0040512c
0x0040513f
0x0040514d
0x0040514d
0x00405151
0x00405153
0x00405156
0x00000000
0x00405156
0x004050d7
0x004050df
0x004050e7
0x004050ed
0x00000000
0x004050ed
0x004050e7
0x004050d5
0x00405160

APIs

lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030CC,00000000,?), ref: 004050CA
lstrlenA.KERNEL32(004030CC,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030CC,00000000), ref: 004050DA
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,004030CC,004030CC,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,0040E8C0,00000000), ref: 004050ED
SetWindowTextA.USER32(C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\), ref: 004050FF
SendMessageA.USER32 ref: 00405125
SendMessageA.USER32 ref: 0040513F
SendMessageA.USER32 ref: 0040514D

Strings

C:\Users\user\AppData\Local\Temp\nseBA51.tmp\, xrefs: 004050B1, 004050C3, 004050C9, 004050EC, 004050F8

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\
API String ID: 2531174081-4251059141
Opcode ID: 954db5f2327d198c380381d75d535be114341e3607e8d3e1ad8a742e9c9284d1
Instruction ID: f15a229f4800e2d3be0f1ca7c95b874ac348c5f245d1a9f1eaef2b17b8141df3
Opcode Fuzzy Hash: 954db5f2327d198c380381d75d535be114341e3607e8d3e1ad8a742e9c9284d1
Instruction Fuzzy Hash: 67217A71E00518BADF119FA5CD84ADFBFA9EB05354F14807AF904AA291C6789E418FA8

Uniqueness

Uniqueness Score: -1.00%

Function 00405557, Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 39
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00405557(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x40737c;
				_v36.Group = 0x40737c;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x40736c;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}

0x00405562
0x00405566
0x00405569
0x0040556f
0x00405573
0x00405577
0x0040557f
0x00405586
0x0040558c
0x00405593
0x0040559a
0x004055a2
0x004055a4
0x00000000
0x004055a4
0x004055ae
0x004055b5
0x004055cb
0x00000000
0x00000000
0x00000000
0x004055cd
0x004055d1

APIs

CreateDirectoryA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040559A
GetLastError.KERNEL32 ref: 004055AE
SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004055C3
GetLastError.KERNEL32 ref: 004055CD

Strings

|s@, xrefs: 0040555D
C:\Users\user\AppData\Local\Temp\, xrefs: 0040557D
C:\Users\user\Desktop, xrefs: 00405557
ls@, xrefs: 0040558C

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$ls@$|s@
API String ID: 3449924974-3603458149
Opcode ID: 6494dcf4892d125dd91232f43a5d02422eac6eb6da40cea13db3a7c62baa9568
Instruction ID: 10c896659e8025b4850b99cc2d4e61bdda87fff31b3f3568e94b9897cbd4a4b4
Opcode Fuzzy Hash: 6494dcf4892d125dd91232f43a5d02422eac6eb6da40cea13db3a7c62baa9568
Instruction Fuzzy Hash: FC010871C04219EAEF019BA1CC447EFBFB9EF04354F10813AD905B6290E378A604CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00402003, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 60%

			E00402003(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x4237d8");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x4237a8 =  *0x4237a8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402ACB(0xfffffff0);
				 *(_t34 + 8) = E00402ACB(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00405091(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, "1572996", 0x40a828, 0x409000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E00403738(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}

0x00402003
0x00402003
0x00402008
0x0040200f
0x004020ca
0x0040223d
0x0040223d
0x00402957
0x0040295a
0x00402966
0x00402966
0x0040201e
0x00402028
0x0040202b
0x0040203a
0x0040203e
0x00402044
0x00402048
0x004020c3
0x00000000
0x004020c3
0x0040204a
0x00402053
0x00402057
0x0040209b
0x00402059
0x0040205c
0x0040205f
0x0040208f
0x00402061
0x00402064
0x0040206d
0x0040206f
0x0040206f
0x0040206d
0x0040205f
0x004020a3
0x004020b8
0x004020b8
0x00000000
0x004020a3
0x0040202e
0x00402034
0x00402038
0x00000000
0x00000000
0x00000000

APIs

GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 0040202E
LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040203E
GetProcAddress.KERNEL32(00000000,?), ref: 0040204E
KiUserCallbackDispatcher.NTDLL(?,00000400,1572996,0040A828,00409000,?,00000008,00000001,000000F0), ref: 0040208F

Part of subcall function 00405091: lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030CC,00000000,?), ref: 004050CA
Part of subcall function 00405091: lstrlenA.KERNEL32(004030CC,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030CC,00000000), ref: 004050DA
Part of subcall function 00405091: lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,004030CC,004030CC,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,0040E8C0,00000000), ref: 004050ED
Part of subcall function 00405091: SetWindowTextA.USER32(C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\), ref: 004050FF
Part of subcall function 00405091: SendMessageA.USER32 ref: 00405125
Part of subcall function 00405091: SendMessageA.USER32 ref: 0040513F
Part of subcall function 00405091: SendMessageA.USER32 ref: 0040514D

FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 004020B8

Strings

1572996, xrefs: 00402082

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$AddressCallbackDispatcherFreeHandleLoadModuleProcTextUserWindowlstrcat
String ID: 1572996
API String ID: 4236411475-1684567302
Opcode ID: bafb678c57b6c6e5e3398695d0d647fb5217cfac268e9a23cc0773f3fca1d504
Instruction ID: fd60b9c6cfc4bddbe94fc7e5a8503348695d94644a3847b69ed94d97695b539d
Opcode Fuzzy Hash: bafb678c57b6c6e5e3398695d0d647fb5217cfac268e9a23cc0773f3fca1d504
Instruction Fuzzy Hash: BC21C971A00215BBCF207FA48E49BAE75B0AB54359F20413BF601B22D0C6BD4A42D66E

Uniqueness

Uniqueness Score: -1.00%

Function 00406294, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00406294(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409014; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}

0x004062ab
0x004062b4
0x004062b6
0x004062b6
0x004062ba
0x004062cc
0x004062c6
0x004062c6
0x004062c6
0x004062d0
0x004062e4
0x004062f8
0x004062ff

APIs

GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004062AB
wsprintfA.USER32 ref: 004062E4
LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 004062F8

Strings

%s%s.dll, xrefs: 004062DE
\, xrefs: 004062BC
UXTHEME, xrefs: 0040629D

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%s.dll$UXTHEME$\
API String ID: 2200240437-4240819195
Opcode ID: c1c6f81e5f0925475fc46656834228b64d6aad10adaabf52e6c46f27d1be3297
Instruction ID: b350a7b34e5dfe1d1a07fade029f1484d0e2916aa38c44d12689a48c44b66a33
Opcode Fuzzy Hash: c1c6f81e5f0925475fc46656834228b64d6aad10adaabf52e6c46f27d1be3297
Instruction Fuzzy Hash: FAF0F63091410AAADF15AB74DC0DFFB365CAB08304F1405BAB646E11D2E6B8E9288B69

Uniqueness

Uniqueness Score: -1.00%

Function 00402F9C, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 94%

			E00402F9C(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
				signed int _v8;
				int _v12;
				long _v16;
				intOrPtr _v20;
				char _v84;
				void* _t59;
				void* _t61;
				intOrPtr _t69;
				long _t70;
				void* _t71;
				intOrPtr _t81;
				intOrPtr _t86;
				long _t89;
				signed int _t90;
				int _t91;
				int _t92;
				intOrPtr _t93;
				void* _t94;
				void* _t95;

				_t90 = _a16;
				_t86 = _a12;
				_v12 = _t90;
				if(_t86 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t81 = _t86;
				if(_t86 == 0) {
					_t81 = 0x40e8c0;
				}
				_t56 = _a4;
				if(_a4 >= 0) {
					E0040318E( *0x423778 + _t56);
				}
				if(E00403178( &_a16, 4) == 0) {
					L33:
					_push(0xfffffffd);
					goto L34;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t86 == 0) {
							while(_a16 > 0) {
								_t91 = _v12;
								if(_a16 < _t91) {
									_t91 = _a16;
								}
								if(E00403178(0x40a8c0, _t91) == 0) {
									goto L33;
								} else {
									_t61 = E00405BAA(_a8, 0x40a8c0, _t91); // executed
									if(_t61 == 0) {
										L28:
										_push(0xfffffffe);
										L34:
										_pop(_t59);
										return _t59;
									}
									_v8 = _v8 + _t91;
									_a16 = _a16 - _t91;
									continue;
								}
							}
							L43:
							return _v8;
						}
						if(_a16 < _t90) {
							_t90 = _a16;
						}
						if(E00403178(_t86, _t90) != 0) {
							_v8 = _t90;
							goto L43;
						} else {
							goto L33;
						}
					}
					_v16 = GetTickCount();
					E00406427(0x40a830);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L43;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t92 = 0x4000;
						if(_a16 < 0x4000) {
							_t92 = _a16;
						}
						if(E00403178(0x40a8c0, _t92) == 0) {
							goto L33;
						}
						_a16 = _a16 - _t92;
						 *0x40a848 = 0x40a8c0;
						 *0x40a84c = _t92;
						while(1) {
							 *0x40a850 = _t81;
							 *0x40a854 = _v12; // executed
							_t69 = E00406447(0x40a830); // executed
							_v20 = _t69;
							if(_t69 < 0) {
								break;
							}
							_t93 =  *0x40a850; // 0x40e8c0
							_t94 = _t93 - _t81;
							_t70 = GetTickCount();
							_t89 = _t70;
							if(( *0x4237d4 & 0x00000001) != 0 && (_t70 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v84, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t95 = _t95 + 0xc;
								E00405091(0,  &_v84); // executed
								_v16 = _t89;
							}
							if(_t94 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L43;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t94;
									_v12 = _v12 - _t94;
									_t81 =  *0x40a850; // 0x40e8c0
									L23:
									if(_v20 != 1) {
										continue;
									}
									goto L43;
								}
								_t71 = E00405BAA(_a8, _t81, _t94); // executed
								if(_t71 == 0) {
									goto L28;
								}
								_v8 = _v8 + _t94;
								goto L23;
							}
						}
						_push(0xfffffffc);
						goto L34;
					}
					goto L33;
				}
			}

0x00402fa4
0x00402fa8
0x00402fab
0x00402fb0
0x00402fb2
0x00402fb2
0x00402fb9
0x00402fbd
0x00402fc1
0x00402fc3
0x00402fc3
0x00402fc8
0x00402fcd
0x00402fd8
0x00402fd8
0x00402fea
0x0040312f
0x0040312f
0x00000000
0x00402ff0
0x00402ff4
0x0040311a
0x00403163
0x00403134
0x0040313a
0x0040313c
0x0040313c
0x0040314d
0x00000000
0x0040314f
0x00403154
0x0040315b
0x00403114
0x00403114
0x00403131
0x00403131
0x00000000
0x00403131
0x0040315d
0x00403160
0x00000000
0x00403160
0x0040314d
0x0040316e
0x00000000
0x0040316e
0x0040311f
0x00403121
0x00403121
0x0040312d
0x0040316b
0x00000000
0x00000000
0x00000000
0x00000000
0x0040312d
0x00403005
0x00403008
0x0040300d
0x0040300d
0x00403017
0x0040301a
0x00000000
0x00000000
0x00000000
0x00000000
0x00403020
0x00403020
0x00403020
0x00403028
0x0040302a
0x0040302a
0x0040303b
0x00000000
0x00000000
0x00403041
0x00403044
0x0040304a
0x00403050
0x00403058
0x0040305e
0x00403063
0x0040306a
0x0040306d
0x00000000
0x00000000
0x00403073
0x00403079
0x0040307b
0x00403088
0x0040308a
0x004030b8
0x004030be
0x004030c7
0x004030cc
0x004030cc
0x004030d1
0x00403108
0x00000000
0x00000000
0x00000000
0x004030d3
0x004030d7
0x004030ec
0x004030ef
0x004030f2
0x004030f8
0x004030fc
0x00000000
0x00000000
0x00000000
0x00403102
0x004030de
0x004030e5
0x00000000
0x00000000
0x004030e7
0x00000000
0x004030e7
0x004030d1
0x00403110
0x00000000
0x00403110
0x00000000
0x00403020

APIs

GetTickCount.KERNEL32 ref: 00402FFA
GetTickCount.KERNEL32 ref: 0040307B
MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 004030A8
wsprintfA.USER32 ref: 004030B8

Strings

... %d%%, xrefs: 004030B2

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: ... %d%%
API String ID: 551687249-2449383134
Opcode ID: 1fd27a76b4cfc9f99989baa1e417c1091a8e19b6c8bbbe4dda6a34e9ab433526
Instruction ID: 5f1f0f90ab52480f624b15d228fda7616e1eaa7d5f1d5864c66c4d16daa58cb3
Opcode Fuzzy Hash: 1fd27a76b4cfc9f99989baa1e417c1091a8e19b6c8bbbe4dda6a34e9ab433526
Instruction Fuzzy Hash: 69518271901219ABCF10DF65DA4469F7BB8AB08756F14413BF910BB2C0C7389E51CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00405B32, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00405B32(char _a4, intOrPtr _a6, CHAR* _a8) {
				char _t11;
				signed int _t12;
				int _t15;
				signed int _t17;
				void* _t20;
				CHAR* _t21;

				_t21 = _a4;
				_t20 = 0x64;
				while(1) {
					_t11 =  *0x4093b4; // 0x61736e
					_t20 = _t20 - 1;
					_a4 = _t11;
					_t12 = GetTickCount();
					_t17 = 0x1a;
					_a6 = _a6 + _t12 % _t17;
					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
					if(_t15 != 0) {
						break;
					}
					if(_t20 != 0) {
						continue;
					}
					 *_t21 =  *_t21 & 0x00000000;
					return _t15;
				}
				return _t21;
			}

0x00405b36
0x00405b3c
0x00405b3d
0x00405b3d
0x00405b42
0x00405b43
0x00405b46
0x00405b50
0x00405b5d
0x00405b60
0x00405b68
0x00000000
0x00000000
0x00405b6c
0x00000000
0x00000000
0x00405b6e
0x00000000
0x00405b6e
0x00000000

APIs

GetTickCount.KERNEL32 ref: 00405B46
GetTempFileNameA.KERNEL32(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405B60

Strings

"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" , xrefs: 00405B32
nsa, xrefs: 00405B3D
C:\Users\user\AppData\Local\Temp\, xrefs: 00405B35

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: "C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" $C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-1927810
Opcode ID: 4f71c4811bd2189c67125445424a5cfd250d6f6759894b34be1bee502b12972b
Instruction ID: 47ad9e4c3b070603f63866c15a94f77f10573a77d4085d28ed577f0a2abf86d9
Opcode Fuzzy Hash: 4f71c4811bd2189c67125445424a5cfd250d6f6759894b34be1bee502b12972b
Instruction Fuzzy Hash: FFF089367082086BD7104F55DC04B9B7BA8DF91750F10803BFA049A191D6B4B9548B59

Uniqueness

Uniqueness Score: -1.00%

Function 00401C0A, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84
windowtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 59%

			E00401C0A(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				CHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402AA9(3);
				 *((intOrPtr*)(_t64 - 0x3c)) = _t57;
				 *(_t64 - 8) = _t29;
				_t30 = E00402AA9(4);
				 *((intOrPtr*)(_t64 - 0x3c)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402ACB(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402ACB(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402ACB();
					_t32 = E00402ACB();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t61 = E00402AA9();
					 *((intOrPtr*)(_t64 - 0x3c)) = _t57;
					_t41 = E00402AA9(2);
					 *((intOrPtr*)(_t64 - 0x3c)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8)); // executed
						L10:
						 *(_t64 - 0xc) = _t36;
					} else {
						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0xc));
					E00405EC8();
				}
				 *0x4237a8 =  *0x4237a8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}

0x00401c0a
0x00401c0c
0x00401c13
0x00401c16
0x00401c19
0x00401c23
0x00401c27
0x00401c2a
0x00401c33
0x00401c33
0x00401c36
0x00401c3a
0x00401c43
0x00401c43
0x00401c46
0x00401c4a
0x00401c4c
0x00401ca1
0x00401ca3
0x00401cac
0x00401cb4
0x00401cb7
0x00401cb7
0x00401cc0
0x00000000
0x00401c4e
0x00401c55
0x00401c57
0x00401c5a
0x00401c60
0x00401c67
0x00401c6a
0x00401c92
0x00401cc6
0x00401cc6
0x00401c6c
0x00401c7a
0x00401c82
0x00401c85
0x00401c85
0x00401c6a
0x00401cc9
0x00401ccc
0x00401cd2
0x004028ff
0x004028ff
0x0040295a
0x00402966

APIs

SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C7A
SendMessageA.USER32 ref: 00401C92

Strings

!, xrefs: 00401C46

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 5c5cc43d9ea2f1c4f8babb9c5b306aab98c19b0d16ecc4efa158615eb64d646c
Instruction ID: 3953527ca16890ec8ab59ce35194567eea46ff7bd29c8182c04533b3460f2dbd
Opcode Fuzzy Hash: 5c5cc43d9ea2f1c4f8babb9c5b306aab98c19b0d16ecc4efa158615eb64d646c
Instruction Fuzzy Hash: 0C21A2B1E44209BEEF15DFA5D986AAD7BB4EF84304F24843EF501B61D0CB7886418F28

Uniqueness

Uniqueness Score: -1.00%

Function 004059F0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46
stringCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E004059F0(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00405F6A(0x421110, _a4);
				_t21 = E0040599B(0x421110);
				if(_t21 != 0) {
					E004061D4(_t21);
					if(( *0x42371c & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x421110;
						while(1) {
							_t11 = lstrlenA(0x421110);
							_push(0x421110);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E0040626D();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405949(0x421110);
								continue;
							} else {
								goto L1;
							}
						}
						E00405902();
						_t16 = GetFileAttributesA(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}

0x004059fc
0x00405a07
0x00405a0b
0x00405a12
0x00405a1e
0x00405a2a
0x00405a2a
0x00405a42
0x00405a43
0x00405a4a
0x00405a4b
0x00000000
0x00000000
0x00405a2e
0x00405a35
0x00405a3d
0x00000000
0x00000000
0x00000000
0x00000000
0x00405a35
0x00405a4d
0x00405a53
0x00000000
0x00405a61
0x00405a20
0x00405a24
0x00000000
0x00000000
0x00000000
0x00000000
0x00405a24
0x00405a0d
0x00000000

APIs

Part of subcall function 00405F6A: lstrcpynA.KERNEL32(?,?,00000400,004032A8,00422F00,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F77

Part of subcall function 0040599B: CharNextA.USER32(?,?,C:\,?,00405A07,C:\,C:\,73BCFA90,?,C:\Users\user\AppData\Local\Temp\,00405752,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004059A9
Part of subcall function 0040599B: CharNextA.USER32(00000000), ref: 004059AE
Part of subcall function 0040599B: CharNextA.USER32(00000000), ref: 004059C2

lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,73BCFA90,?,C:\Users\user\AppData\Local\Temp\,00405752,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A43
GetFileAttributesA.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,73BCFA90,?,C:\Users\user\AppData\Local\Temp\,00405752,?,73BCFA90,C:\Users\user\AppData\Local\Temp\), ref: 00405A53

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004059F0
C:\, xrefs: 004059F6, 004059FB, 00405A01, 00405A3C, 00405A42, 00405A4A, 00405A52

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\$C:\Users\user\AppData\Local\Temp\
API String ID: 3248276644-3049482934
Opcode ID: 3317ae5885fe5557bfe6bd01748d3a5579ce53a26439151f89887cafc9669dc2
Instruction ID: b63be7d1610f08e16cf97c71acc26f165dc25b1935d551b17c13779f5e49e68e
Opcode Fuzzy Hash: 3317ae5885fe5557bfe6bd01748d3a5579ce53a26439151f89887cafc9669dc2
Instruction Fuzzy Hash: 24F0C826315D6156C622237A2C86AAF5644CE87324709473FF851B22D2DA3C89539E7E

Uniqueness

Uniqueness Score: -1.00%

Function 004015BB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E004015BB(char __ebx, void* __eflags) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402ACB(0xfffffff0);
				_t13 = E0040599B(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E0040592D(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E004055D4(_t28);
						} else {
							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004055F1(_t39) == 0) {
								goto L5;
							} else {
								_t22 = E00405557(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405F6A("C:\\Users\\jones\\AppData\\Local\\Temp\\nseBA51.tmp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x4237a8 =  *0x4237a8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}

0x004015bb
0x004015c2
0x004015c5
0x004015ca
0x004015ce
0x004015d0
0x004015d8
0x004015da
0x004015dc
0x004015e0
0x004015e3
0x004015fb
0x004015fc
0x004015e5
0x004015e5
0x004015e8
0x00000000
0x004015f3
0x004015f4
0x004015f4
0x004015e8
0x00401603
0x0040160a
0x00401617
0x00401617
0x0040160c
0x0040160d
0x00401615
0x00000000
0x00000000
0x00401615
0x0040160a
0x0040161a
0x0040161d
0x0040161f
0x00401620
0x004015d0
0x00401627
0x00401652
0x0040223d
0x00401629
0x0040162b
0x00401636
0x0040163c
0x00401644
0x0040164a
0x0040164a
0x00401644
0x0040295a
0x00402966

APIs

Part of subcall function 0040599B: CharNextA.USER32(?,?,C:\,?,00405A07,C:\,C:\,73BCFA90,?,C:\Users\user\AppData\Local\Temp\,00405752,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004059A9
Part of subcall function 0040599B: CharNextA.USER32(00000000), ref: 004059AE
Part of subcall function 0040599B: CharNextA.USER32(00000000), ref: 004059C2

GetFileAttributesA.KERNEL32(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D

Part of subcall function 00405557: CreateDirectoryA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040559A

SetCurrentDirectoryA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\nseBA51.tmp,00000000,00000000,000000F0), ref: 0040163C

Strings

C:\Users\user\AppData\Local\Temp\nseBA51.tmp, xrefs: 00401631

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Users\user\AppData\Local\Temp\nseBA51.tmp
API String ID: 1892508949-261148512
Opcode ID: 77366072376007a81e873d624303f28143037452507457246f6624776d99043d
Instruction ID: 1397d73bc892ae661a741dfecf38a44b6d03d9e6e7f57cd6dcc913c124f66756
Opcode Fuzzy Hash: 77366072376007a81e873d624303f28143037452507457246f6624776d99043d
Instruction Fuzzy Hash: 59110431608152EBCF217FA55C415BF66B09A96324B28093FE5D2B22E2D63D4E43973F

Uniqueness

Uniqueness Score: -1.00%

Function 00401E5F, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E00401E5F() {
				intOrPtr _t20;
				void* _t39;
				void* _t42;
				void* _t47;

				_t45 = E00402ACB(_t39);
				_t20 = E00402ACB(0x31);
				_t43 = E00402ACB(0x22);
				E00402ACB(0x15);
				E00401423(0xffffffec);
				 *(_t47 - 0x70) =  *(_t47 - 0x18);
				 *((intOrPtr*)(_t47 - 0x6c)) =  *((intOrPtr*)(_t47 - 8));
				 *((intOrPtr*)(_t47 - 0x58)) =  *((intOrPtr*)(_t47 - 0x1c));
				asm("sbb eax, eax");
				 *((intOrPtr*)(_t47 - 0x64)) = _t20;
				 *(_t47 - 0x68) =  ~( *_t19) & _t45;
				asm("sbb eax, eax");
				 *(_t47 - 0x5c) = "C:\\Users\\jones\\AppData\\Local\\Temp\\nseBA51.tmp";
				 *(_t47 - 0x60) =  ~( *_t21) & _t43;
				if(E0040564C(_t47 - 0x74) == 0) {
					 *((intOrPtr*)(_t47 - 4)) = 1;
				} else {
					if(( *(_t47 - 0x70) & 0x00000040) != 0) {
						E00406377(_t42,  *((intOrPtr*)(_t47 - 0x3c)));
						_push( *((intOrPtr*)(_t47 - 0x3c)));
						FindCloseChangeNotification(); // executed
					}
				}
				 *0x4237a8 =  *0x4237a8 +  *((intOrPtr*)(_t47 - 4));
				return 0;
			}

0x00401e67
0x00401e69
0x00401e79
0x00401e7b
0x00401e82
0x00401e8a
0x00401e90
0x00401e96
0x00401e9d
0x00401e9f
0x00401ea4
0x00401eab
0x00401ead
0x00401eb6
0x00401ec4
0x0040271c
0x00401eca
0x00401ece
0x00401ed7
0x00401edc
0x00401f26
0x00401f26
0x00401ece
0x0040295a
0x00402966

APIs

Part of subcall function 0040564C: ShellExecuteExA.SHELL32(?,00404450,?), ref: 0040565B

Part of subcall function 00406377: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406388
Part of subcall function 00406377: GetExitCodeProcess.KERNEL32 ref: 004063AA

FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?), ref: 00401F26

Strings

@, xrefs: 00401ECA
C:\Users\user\AppData\Local\Temp\nseBA51.tmp, xrefs: 00401EAD

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
String ID: @$C:\Users\user\AppData\Local\Temp\nseBA51.tmp
API String ID: 4215836453-1975679425
Opcode ID: fe88a23fde159f71c27affbcab3750436cfa011845c856564d98a77ba15cb0ec
Instruction ID: 6017cf3989a63cea3b0cee160b45e486e5b17527a8669175605ec38d1688ddda
Opcode Fuzzy Hash: fe88a23fde159f71c27affbcab3750436cfa011845c856564d98a77ba15cb0ec
Instruction Fuzzy Hash: 451121B1F042449ACB11DFF5994A68DBBF4AF44318F24453AA554F72D2DBB98501CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00405609, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24
processCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405609(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x421510->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x421510,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}

0x00405612
0x00405632
0x0040563a
0x0040563f
0x00000000
0x00405645
0x00405649

APIs

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421510,Error launching installer), ref: 00405632
CloseHandle.KERNEL32(?), ref: 0040563F

Strings

Error launching installer, xrefs: 0040561C

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: 0a67d81f0dbc2c48957f366610cafbe47269508c26dde6c53db592e432081f5d
Instruction ID: 9728a5d5e843408a2f651da6c1778568bac2657747ba6051cf584ee7dfff0d45
Opcode Fuzzy Hash: 0a67d81f0dbc2c48957f366610cafbe47269508c26dde6c53db592e432081f5d
Instruction Fuzzy Hash: B0E046F0A00209BFEB009B60EC09F7B7AACEB10748F404861BD11F32A0E374A9108A79

Uniqueness

Uniqueness Score: -1.00%

Function 00403703, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403703() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41eccc;
				_t3 = E004036E8(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8)); // executed
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41eccc =  *0x41eccc & 0x00000000;
				return _t3;
			}

0x00403704
0x0040370c
0x00403713
0x00403716
0x00403716
0x00403718
0x0040371d
0x00403724
0x0040372a
0x0040372e
0x0040372f
0x00403737

APIs

FreeLibrary.KERNEL32(?,73BCFA90,00000000,C:\Users\user\AppData\Local\Temp\,004036DB,004034F5,?,?,00000006,00000008,0000000A), ref: 0040371D
GlobalFree.KERNEL32 ref: 00403724

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00403703

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 1100898210-3081826266
Opcode ID: 35d1f02da0abf4a3a5ea65bd0cdd12c9264502c99e7b9c945f64e5a7c8fdc6a2
Instruction ID: 9ffce7b129726733408ddd2483fbf3d013749e605b0eca4be9f0b214f3a53a2d
Opcode Fuzzy Hash: 35d1f02da0abf4a3a5ea65bd0cdd12c9264502c99e7b9c945f64e5a7c8fdc6a2
Instruction Fuzzy Hash: 25E01273805121A7C7355F56ED04B5E7768AF49B22F05806BEC407B3A0C7746C418BD9

Uniqueness

Uniqueness Score: -1.00%

Function 00406A2B, Relevance: 5.2, APIs: 4, Instructions: 236
COMMON

Download Yara Rule

C-Code - Quality: 99%

			E00406A2B() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00406E99))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4)); // executed
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}

0x00406a2b
0x00406a2b
0x00406a2b
0x00406a2b
0x00406a31
0x00406a35
0x00406a39
0x00406a43
0x00406a51
0x00406d27
0x00406d27
0x00406d2a
0x00406d31
0x00406d5e
0x00406d5e
0x00406d62
0x00000000
0x00000000
0x00406d64
0x00406d6d
0x00406d73
0x00406d76
0x00406d79
0x00406d7c
0x00406d7f
0x00406d85
0x00406d9e
0x00406da1
0x00406dad
0x00406dae
0x00406db1
0x00406d87
0x00406d87
0x00406d96
0x00406d99
0x00406d99
0x00406dbb
0x00406d5b
0x00406d5b
0x00406d5b
0x00406d5e
0x00406d62
0x00000000
0x00000000
0x00000000
0x00406dbd
0x00406dbd
0x00406d36
0x00406d3a
0x00406e72
0x00406e72
0x00406e7c
0x00406e84
0x00406e8b
0x00406e8d
0x00406e94
0x00406e98
0x00406e98
0x00406d40
0x00406d46
0x00406d4d
0x00406d55
0x00406d55
0x00406d58
0x00000000
0x00406d58
0x00406dc2
0x00406dcf
0x00406dd2
0x00406cde
0x00406cde
0x00406cde
0x0040647a
0x0040647a
0x0040647a
0x00406483
0x00000000
0x00000000
0x00406489
0x00406489
0x00000000
0x00406490
0x00406494
0x00000000
0x00000000
0x0040649a
0x0040649d
0x004064a0
0x004064a3
0x004064a7
0x00000000
0x00000000
0x004064ad
0x004064ad
0x004064b0
0x004064b2
0x004064b3
0x004064b6
0x004064b8
0x004064b9
0x004064bb
0x004064be
0x004064c3
0x004064c8
0x004064d1
0x004064e4
0x004064e7
0x004064f3
0x0040651b
0x0040651d
0x0040652b
0x0040652b
0x0040652f
0x00000000
0x00000000
0x00000000
0x00000000
0x0040651f
0x0040651f
0x00406522
0x00406523
0x00406523
0x00000000
0x0040651f
0x004064f5
0x004064f9
0x004064fe
0x004064fe
0x00406507
0x0040650f
0x00406512
0x00000000
0x00406518
0x00406518
0x00000000
0x00406518
0x00000000
0x00406535
0x00406535
0x00406539
0x00406de5
0x00406de5
0x00000000
0x00406de5
0x0040653f
0x00406542
0x00406552
0x00406555
0x00406558
0x00406558
0x00406558
0x0040655b
0x0040655f
0x00000000
0x00000000
0x00406561
0x00406561
0x00406567
0x00406591
0x00406597
0x0040659e
0x00000000
0x0040659e
0x00406569
0x0040656d
0x00406570
0x00406575
0x00406575
0x00406580
0x00406588
0x0040658b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004065d0
0x004065d6
0x004065d9
0x004065e6
0x004065ee
0x00000000
0x00000000
0x004065a5
0x004065a5
0x004065a9
0x00406df4
0x00406df4
0x00000000
0x00406df4
0x004065af
0x004065b5
0x004065c0
0x004065c0
0x004065c0
0x004065c3
0x004065c6
0x004065c9
0x004065ce
0x00000000
0x00000000
0x00000000
0x00000000
0x00406c65
0x00406c65
0x00406c6b
0x00406c71
0x00406c77
0x00406c91
0x00406c94
0x00406c9a
0x00406ca5
0x00406ca5
0x00406ca7
0x00406c79
0x00406c79
0x00406c88
0x00406c8c
0x00406c8c
0x00406cb1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00406cb3
0x00406cb7
0x00406e66
0x00406e66
0x00000000
0x00406e66
0x00406cbd
0x00406cc3
0x00406cca
0x00406cd2
0x00406cd5
0x00406cd8
0x00406cd8
0x00406cde
0x00406cde
0x00000000
0x00000000
0x004065f6
0x004065f6
0x004065f8
0x004065fb
0x0040666c
0x0040666c
0x0040666f
0x00406672
0x00406679
0x00406683
0x00000000
0x00406683
0x004065fd
0x004065fd
0x00406601
0x00406604
0x00406606
0x00406609
0x0040660c
0x0040660e
0x00406611
0x00406613
0x00406618
0x0040661b
0x0040661e
0x00406622
0x00406629
0x0040662c
0x00406633
0x00406637
0x0040663f
0x0040663f
0x0040663f
0x00406639
0x00406639
0x00406639
0x0040662e
0x0040662e
0x0040662e
0x00406643
0x00406646
0x00406664
0x00406664
0x00406666
0x00000000
0x00406648
0x00406648
0x00406648
0x0040664b
0x0040664e
0x00406651
0x00406653
0x00406653
0x00406653
0x00406656
0x00406659
0x0040665b
0x0040665c
0x0040665f
0x00000000
0x0040665f
0x00000000
0x00406895
0x00406895
0x00406899
0x004068b7
0x004068b7
0x004068ba
0x004068c1
0x004068c4
0x004068c7
0x004068ca
0x004068cd
0x004068d0
0x004068d2
0x004068d9
0x004068da
0x004068dc
0x004068df
0x004068e2
0x004068e5
0x004068e5
0x004068ea
0x00000000
0x004068ea
0x0040689b
0x0040689b
0x0040689e
0x004068a1
0x004068ab
0x00000000
0x00000000
0x004068ff
0x004068ff
0x00406903
0x00406926
0x00406929
0x0040692c
0x00406936
0x00406905
0x00406905
0x00406908
0x0040690b
0x0040690e
0x0040691b
0x0040691e
0x0040691e
0x00000000
0x00000000
0x00406942
0x00406942
0x00406946
0x00000000
0x00000000
0x0040694c
0x0040694c
0x00406950
0x00000000
0x00000000
0x00406956
0x00406956
0x00406958
0x0040695c
0x0040695c
0x0040695f
0x00406963
0x00000000
0x00000000
0x004069b3
0x004069b3
0x004069b7
0x004069be
0x004069be
0x004069c1
0x004069c4
0x004069ce
0x00000000
0x004069ce
0x004069b9
0x004069b9
0x00000000
0x00000000
0x004069da
0x004069da
0x004069de
0x004069e5
0x004069e8
0x004069eb
0x004069e0
0x004069e0
0x004069e0
0x004069ee
0x004069f1
0x004069f4
0x004069f4
0x004069f7
0x004069fa
0x004069fd
0x004069fd
0x00406a00
0x00406a07
0x00406a0c
0x00000000
0x00000000
0x00406a9a
0x00406a9a
0x00406a9e
0x00406e3c
0x00406e3c
0x00000000
0x00406e3c
0x00406aa4
0x00406aa4
0x00406aa7
0x00406aaa
0x00406aae
0x00406ab1
0x00406ab7
0x00406ab9
0x00406ab9
0x00406ab9
0x00406abc
0x00406abf
0x00000000
0x00000000
0x0040668f
0x0040668f
0x00406693
0x00406e00
0x00406e00
0x00000000
0x00406e00
0x00406699
0x00406699
0x0040669c
0x0040669f
0x004066a3
0x004066a6
0x004066ac
0x004066ae
0x004066ae
0x004066ae
0x004066b1
0x004066b4
0x004066b4
0x004066b7
0x004066ba
0x00000000
0x00000000
0x004066c0
0x004066c0
0x004066c6
0x00000000
0x00000000
0x004066cc
0x004066cc
0x004066d0
0x004066d3
0x004066d6
0x004066d9
0x004066dc
0x004066dd
0x004066e0
0x004066e2
0x004066e8
0x004066eb
0x004066ee
0x004066f1
0x004066f4
0x004066f7
0x004066fa
0x00406716
0x00406719
0x0040671c
0x0040671f
0x00406726
0x0040672a
0x0040672c
0x00406730
0x004066fc
0x004066fc
0x00406700
0x00406708
0x0040670d
0x0040670f
0x00406711
0x00406711
0x00406733
0x0040673a
0x0040673d
0x00000000
0x00406743
0x00406743
0x00000000
0x00406743
0x00000000
0x00406748
0x00406748
0x0040674c
0x00406e0c
0x00406e0c
0x00000000
0x00406e0c
0x00406752
0x00406752
0x00406755
0x00406758
0x0040675c
0x0040675f
0x00406765
0x00406767
0x00406767
0x00406767
0x0040676a
0x0040676d
0x0040676d
0x0040676d
0x00406773
0x00000000
0x00000000
0x00406775
0x00406775
0x00406778
0x0040677b
0x0040677e
0x00406781
0x00406784
0x00406787
0x0040678a
0x0040678d
0x00406790
0x00406793
0x004067ab
0x004067ae
0x004067b1
0x004067b4
0x004067b4
0x004067b7
0x004067bb
0x004067bd
0x00406795
0x00406795
0x0040679d
0x004067a2
0x004067a4
0x004067a6
0x004067a6
0x004067c0
0x004067c7
0x004067ca
0x00000000
0x004067cc
0x004067cc
0x00000000
0x004067cc
0x004067ca
0x004067d1
0x004067d1
0x004067d1
0x004067d1
0x00000000
0x00000000
0x0040680c
0x0040680c
0x00406810
0x00406e18
0x00406e18
0x00000000
0x00406e18
0x00406816
0x00406816
0x00406819
0x0040681c
0x00406820
0x00406823
0x00406829
0x0040682b
0x0040682b
0x0040682b
0x0040682e
0x00406831
0x00406831
0x00406837
0x004067d5
0x004067d5
0x004067d8
0x00000000
0x004067d8
0x00406839
0x00406839
0x0040683c
0x0040683f
0x00406842
0x00406845
0x00406848
0x0040684b
0x0040684e
0x00406851
0x00406854
0x00406857
0x0040686f
0x00406872
0x00406875
0x00406878
0x00406878
0x0040687b
0x0040687f
0x00406881
0x00406859
0x00406859
0x00406861
0x00406866
0x00406868
0x0040686a
0x0040686a
0x00406884
0x0040688b
0x0040688e
0x00000000
0x00406890
0x00406890
0x00000000
0x00406890
0x00000000
0x00406b1d
0x00406b1d
0x00406b21
0x00406e48
0x00406e48
0x00000000
0x00406e48
0x00406b27
0x00406b27
0x00406b2a
0x00406b2d
0x00406b31
0x00406b34
0x00406b3a
0x00406b3c
0x00406b3c
0x00406b3c
0x00406b3f
0x00000000
0x00000000
0x004068ed
0x004068ed
0x004068f0
0x00000000
0x00000000
0x00406c2c
0x00406c2c
0x00406c30
0x00406c52
0x00406c52
0x00406c55
0x00406c5f
0x00406c62
0x00406c62
0x00000000
0x00406c62
0x00406c32
0x00406c32
0x00406c35
0x00406c39
0x00406c3c
0x00406c3c
0x00406c3f
0x00000000
0x00000000
0x00406ce9
0x00406ce9
0x00406ced
0x00406d0b
0x00406d0b
0x00406d0b
0x00406d0b
0x00406d12
0x00406d19
0x00406d20
0x00406d20
0x00406d27
0x00406d2a
0x00406d31
0x00000000
0x00406d34
0x00406cef
0x00406cef
0x00406cf2
0x00406cf5
0x00406cf8
0x00406cff
0x00406c43
0x00406c43
0x00406c46
0x00000000
0x00000000
0x00406dda
0x00406dda
0x00406ddd
0x00406cde
0x00406cde
0x00406cde
0x00000000
0x00406ce4
0x00000000
0x00406a14
0x00406a14
0x00406a16
0x00406a1d
0x00406a1e
0x00406a20
0x00406a23
0x00000000
0x00000000
0x00000000
0x00000000
0x00406d27
0x00406d27
0x00406d2a
0x00406d31
0x00000000
0x00406d34
0x00000000
0x00000000
0x00000000
0x00406a59
0x00406a59
0x00406a5c
0x00406a92
0x00406a92
0x00406bc2
0x00406bc2
0x00406bc2
0x00406bc2
0x00406bc5
0x00406bc5
0x00406bc8
0x00406bca
0x00406e54
0x00406e54
0x00000000
0x00406e54
0x00406bd0
0x00406bd0
0x00406bd3
0x00000000
0x00000000
0x00406bd9
0x00406bd9
0x00406bdd
0x00406be0
0x00406be0
0x00406be0
0x00000000
0x00406be0
0x00406a5e
0x00406a5e
0x00406a60
0x00406a62
0x00406a64
0x00406a67
0x00406a68
0x00406a6a
0x00406a6c
0x00406a6f
0x00406a72
0x00406a88
0x00406a88
0x00406a8d
0x00406ac5
0x00406ac5
0x00406ac9
0x00406af2
0x00406af5
0x00406af7
0x00406afe
0x00406b01
0x00406b04
0x00406b04
0x00406b09
0x00406b09
0x00406b0b
0x00406b0e
0x00406b15
0x00406b18
0x00406b45
0x00406b45
0x00406b48
0x00406b4b
0x00406bbf
0x00406bbf
0x00406bbf
0x00406bbf
0x00000000
0x00406bbf
0x00406b4d
0x00406b4d
0x00406b53
0x00406b56
0x00406b59
0x00406b5c
0x00406b5f
0x00406b62
0x00406b65
0x00406b68
0x00406b6b
0x00406b6e
0x00406b87
0x00406b89
0x00406b8c
0x00406b8d
0x00406b90
0x00406b92
0x00406b95
0x00406b97
0x00406b99
0x00406b9c
0x00406b9e
0x00406ba1
0x00406ba5
0x00406ba7
0x00406ba7
0x00406ba8
0x00406bab
0x00406bae
0x00406b70
0x00406b70
0x00406b78
0x00406b7d
0x00406b7f
0x00406b82
0x00406b82
0x00406bb1
0x00406bb8
0x00406b42
0x00406b42
0x00406b42
0x00406b42
0x00000000
0x00406bba
0x00406bba
0x00000000
0x00406bba
0x00406bb8
0x00406acb
0x00406acb
0x00406ace
0x00406ad0
0x00406ad3
0x00406ad6
0x00406ad9
0x00406adb
0x00406ade
0x00406ae1
0x00406ae1
0x00406ae4
0x00406ae4
0x00406ae7
0x00406aee
0x00406ac2
0x00406ac2
0x00406ac2
0x00406ac2
0x00000000
0x00406af0
0x00406af0
0x00000000
0x00406af0
0x00406aee
0x00406a74
0x00406a74
0x00406a77
0x00406a79
0x00406a7c
0x00000000
0x00000000
0x004067db
0x004067db
0x004067df
0x00406e24
0x00406e24
0x00000000
0x00406e24
0x004067e5
0x004067e5
0x004067e8
0x004067eb
0x004067ee
0x004067f1
0x004067f4
0x004067f7
0x004067f9
0x004067fc
0x004067ff
0x00406802
0x00406804
0x00406804
0x00406804
0x00000000
0x00000000
0x00406966
0x00406966
0x0040696a
0x00406e30
0x00406e30
0x00000000
0x00406e30
0x00406970
0x00406970
0x00406973
0x00406976
0x00406979
0x0040697b
0x0040697b
0x0040697b
0x0040697e
0x00406981
0x00406984
0x00406987
0x0040698a
0x0040698d
0x0040698e
0x00406990
0x00406990
0x00406990
0x00406993
0x00406996
0x00406999
0x0040699c
0x0040699c
0x0040699c
0x0040699f
0x004069a1
0x004069a1
0x00000000
0x00000000
0x00406be3
0x00406be3
0x00406be3
0x00406be7
0x00000000
0x00000000
0x00406bed
0x00406bed
0x00406bf0
0x00406bf3
0x00406bf6
0x00406bf8
0x00406bf8
0x00406bf8
0x00406bfb
0x00406bfe
0x00406c01
0x00406c04
0x00406c07
0x00406c0a
0x00406c0b
0x00406c0d
0x00406c0d
0x00406c0d
0x00406c10
0x00406c13
0x00406c16
0x00406c19
0x00406c1c
0x00406c20
0x00406c22
0x00406c25
0x00000000
0x00406c27
0x00406c27
0x004069a4
0x004069a4
0x00000000
0x004069a4
0x00406c25
0x00406e5a
0x00406e5a
0x00000000
0x00000000
0x00406489
0x00406e91
0x00406e91
0x00000000
0x00406e91
0x00406cde
0x00406d5e
0x00406d27

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2818476e1d6469588ef8d75e2f77556e52d803f704a1a77dfe7aba4081c4173
Instruction ID: ffc4466fd7e1a84d1c0fc4b16d1a76bfc4ed23806840a2aa82a83de6544419ef
Opcode Fuzzy Hash: b2818476e1d6469588ef8d75e2f77556e52d803f704a1a77dfe7aba4081c4173
Instruction Fuzzy Hash: D6A15371E00229DBDF28CFA8C8547ADBBB1FF44305F15802AD856BB281C7789A96DF44

Uniqueness

Uniqueness Score: -1.00%

Function 00406C2C, Relevance: 5.2, APIs: 4, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56f2a3a3000d6c7273ab2248f4ff10f601781423d0ca2bb331c25efff9829afe
Instruction ID: 3b3aa2dd6ba4133719dd3176c6350ec32f9f513342808bce88e7bfcf8f6a0710
Opcode Fuzzy Hash: 56f2a3a3000d6c7273ab2248f4ff10f601781423d0ca2bb331c25efff9829afe
Instruction Fuzzy Hash: F4913370E00229DBDF28CF98C8587ADBBB1FF44305F15802AD852BB291C7789A96DF44

Uniqueness

Uniqueness Score: -1.00%

Function 00406942, Relevance: 5.2, APIs: 4, Instructions: 205
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E00406942() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00406E99))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4)); // executed
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}

0x00000000
0x00406942
0x00406942
0x00406946
0x004069fd
0x00406a00
0x00406a0c
0x004068ed
0x004068ed
0x004068f0
0x00406c62
0x00406c62
0x00406c65
0x00406c65
0x00406c6b
0x00406c71
0x00406c77
0x00406c91
0x00406c94
0x00406c9a
0x00406ca5
0x00406ca7
0x00406c79
0x00406c79
0x00406c88
0x00406c8c
0x00406c8c
0x00406cb1
0x00406cd8
0x00406cd8
0x00406cde
0x00406cde
0x00000000
0x00406cb3
0x00406cb3
0x00406cb7
0x00406e66
0x00000000
0x00406e66
0x00406cc3
0x00406cca
0x00406cd2
0x00406cd5
0x00000000
0x00406cd5
0x0040694c
0x00406950
0x00406e91
0x00406e91
0x00406e94
0x00406e98
0x00406e98
0x00406956
0x0040695c
0x0040695f
0x00406963
0x00406966
0x0040696a
0x00406e30
0x00406e7c
0x00406e84
0x00406e8b
0x00406e8d
0x00000000
0x00406e8d
0x00406970
0x00406973
0x00406979
0x0040697b
0x0040697b
0x0040697e
0x00406981
0x00406984
0x00406987
0x0040698a
0x0040698d
0x0040698e
0x00406990
0x00406990
0x00406990
0x00406993
0x00406996
0x00406999
0x0040699c
0x0040699c
0x0040699f
0x004069a1
0x004069a1
0x004069a4
0x004069a4
0x004069a4
0x0040647a
0x0040647a
0x00406483
0x00000000
0x00000000
0x00406489
0x00000000
0x00406494
0x00000000
0x00000000
0x0040649d
0x004064a0
0x004064a3
0x004064a7
0x00000000
0x00000000
0x004064ad
0x004064b0
0x004064b2
0x004064b3
0x004064b6
0x004064b8
0x004064b9
0x004064bb
0x004064be
0x004064c3
0x004064c8
0x004064d1
0x004064e4
0x004064e7
0x004064f3
0x0040651b
0x0040651d
0x0040652b
0x0040652b
0x0040652f
0x00000000
0x00000000
0x00000000
0x00000000
0x0040651f
0x0040651f
0x00406522
0x00406523
0x00406523
0x00000000
0x0040651f
0x004064f9
0x004064fe
0x004064fe
0x00406507
0x0040650f
0x00406512
0x00000000
0x00406518
0x00406518
0x00000000
0x00406518
0x00000000
0x00406535
0x00406535
0x00406539
0x00406de5
0x00000000
0x00406de5
0x00406542
0x00406552
0x00406555
0x00406558
0x00406558
0x00406558
0x0040655b
0x0040655f
0x00000000
0x00000000
0x00406561
0x00406567
0x00406591
0x00406597
0x0040659e
0x00000000
0x0040659e
0x0040656d
0x00406570
0x00406575
0x00406575
0x00406580
0x00406588
0x0040658b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004065d0
0x004065d6
0x004065d9
0x004065e6
0x004065ee
0x00000000
0x00000000
0x004065a5
0x004065a5
0x004065a9
0x00406df4
0x00000000
0x00406df4
0x004065b5
0x004065c0
0x004065c0
0x004065c0
0x004065c3
0x004065c6
0x004065c9
0x004065ce
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004065f6
0x004065f8
0x004065fb
0x0040666c
0x0040666f
0x00406672
0x00406679
0x00406683
0x00000000
0x00406683
0x004065fd
0x00406601
0x00406604
0x00406606
0x00406609
0x0040660c
0x0040660e
0x00406611
0x00406613
0x00406618
0x0040661b
0x0040661e
0x00406622
0x00406629
0x0040662c
0x00406633
0x00406637
0x0040663f
0x0040663f
0x0040663f
0x00406639
0x00406639
0x00406639
0x0040662e
0x0040662e
0x0040662e
0x00406643
0x00406646
0x00406664
0x00406666
0x00000000
0x00406648
0x00406648
0x0040664b
0x0040664e
0x00406651
0x00406653
0x00406653
0x00406653
0x00406656
0x00406659
0x0040665b
0x0040665c
0x0040665f
0x00000000
0x0040665f
0x00000000
0x00406895
0x00406899
0x004068b7
0x004068ba
0x004068c1
0x004068c4
0x004068c7
0x004068ca
0x004068cd
0x004068d0
0x004068d2
0x004068d9
0x004068da
0x004068dc
0x004068df
0x004068e2
0x004068e5
0x004068e5
0x004068ea
0x00000000
0x004068ea
0x0040689b
0x0040689e
0x004068a1
0x004068ab
0x00000000
0x00000000
0x004068ff
0x00406903
0x00406926
0x00406929
0x0040692c
0x00406936
0x00406905
0x00406905
0x00406908
0x0040690b
0x0040690e
0x0040691b
0x0040691e
0x0040691e
0x00000000
0x00000000
0x00000000
0x00000000
0x004069b3
0x004069b7
0x004069be
0x004069c1
0x004069c4
0x004069ce
0x00000000
0x004069ce
0x004069b9
0x00000000
0x00000000
0x004069da
0x004069de
0x004069e5
0x004069e8
0x004069eb
0x004069e0
0x004069e0
0x004069e0
0x004069ee
0x004069f1
0x004069f4
0x004069f4
0x004069f7
0x004069fa
0x00000000
0x00000000
0x00406a9a
0x00406a9a
0x00406a9e
0x00406e3c
0x00000000
0x00406e3c
0x00406aa4
0x00406aa7
0x00406aaa
0x00406aae
0x00406ab1
0x00406ab7
0x00406ab9
0x00406ab9
0x00406ab9
0x00406abc
0x00406abf
0x00000000
0x00000000
0x0040668f
0x0040668f
0x00406693
0x00406e00
0x00000000
0x00406e00
0x00406699
0x0040669c
0x0040669f
0x004066a3
0x004066a6
0x004066ac
0x004066ae
0x004066ae
0x004066ae
0x004066b1
0x004066b4
0x004066b4
0x004066b7
0x004066ba
0x00000000
0x00000000
0x004066c0
0x004066c6
0x00000000
0x00000000
0x004066cc
0x004066cc
0x004066d0
0x004066d3
0x004066d6
0x004066d9
0x004066dc
0x004066dd
0x004066e0
0x004066e2
0x004066e8
0x004066eb
0x004066ee
0x004066f1
0x004066f4
0x004066f7
0x004066fa
0x00406716
0x00406719
0x0040671c
0x0040671f
0x00406726
0x0040672a
0x0040672c
0x00406730
0x004066fc
0x004066fc
0x00406700
0x00406708
0x0040670d
0x0040670f
0x00406711
0x00406711
0x00406733
0x0040673a
0x0040673d
0x00000000
0x00406743
0x00000000
0x00406743
0x00000000
0x00406748
0x00406748
0x0040674c
0x00406e0c
0x00000000
0x00406e0c
0x00406752
0x00406755
0x00406758
0x0040675c
0x0040675f
0x00406765
0x00406767
0x00406767
0x00406767
0x0040676a
0x0040676d
0x0040676d
0x0040676d
0x00406773
0x00000000
0x00000000
0x00406775
0x00406778
0x0040677b
0x0040677e
0x00406781
0x00406784
0x00406787
0x0040678a
0x0040678d
0x00406790
0x00406793
0x004067ab
0x004067ae
0x004067b1
0x004067b4
0x004067b4
0x004067b7
0x004067bb
0x004067bd
0x00406795
0x00406795
0x0040679d
0x004067a2
0x004067a4
0x004067a6
0x004067a6
0x004067c0
0x004067c7
0x004067ca
0x00000000
0x004067cc
0x00000000
0x004067cc
0x004067ca
0x004067d1
0x004067d1
0x004067d1
0x004067d1
0x00000000
0x00000000
0x0040680c
0x0040680c
0x00406810
0x00406e18
0x00000000
0x00406e18
0x00406816
0x00406819
0x0040681c
0x00406820
0x00406823
0x00406829
0x0040682b
0x0040682b
0x0040682b
0x0040682e
0x00406831
0x00406831
0x00406837
0x004067d5
0x004067d5
0x004067d8
0x00000000
0x004067d8
0x00406839
0x00406839
0x0040683c
0x0040683f
0x00406842
0x00406845
0x00406848
0x0040684b
0x0040684e
0x00406851
0x00406854
0x00406857
0x0040686f
0x00406872
0x00406875
0x00406878
0x00406878
0x0040687b
0x0040687f
0x00406881
0x00406859
0x00406859
0x00406861
0x00406866
0x00406868
0x0040686a
0x0040686a
0x00406884
0x0040688b
0x0040688e
0x00000000
0x00406890
0x00000000
0x00406890
0x00000000
0x00406b1d
0x00406b1d
0x00406b21
0x00406e48
0x00000000
0x00406e48
0x00406b27
0x00406b2a
0x00406b2d
0x00406b31
0x00406b34
0x00406b3a
0x00406b3c
0x00406b3c
0x00406b3c
0x00406b3f
0x00000000
0x00000000
0x00000000
0x00000000
0x00406c2c
0x00406c30
0x00406c52
0x00406c55
0x00406c5f
0x00000000
0x00406c5f
0x00406c32
0x00406c35
0x00406c39
0x00406c3c
0x00406c3c
0x00406c3f
0x00000000
0x00000000
0x00406ce9
0x00406ced
0x00406d0b
0x00406d0b
0x00406d0b
0x00406d12
0x00406d19
0x00406d20
0x00406d20
0x00000000
0x00406d20
0x00406cef
0x00406cf2
0x00406cf5
0x00406cf8
0x00406cff
0x00406c43
0x00406c43
0x00406c46
0x00000000
0x00000000
0x00406dda
0x00406ddd
0x00000000
0x00000000
0x00406a14
0x00406a16
0x00406a1d
0x00406a1e
0x00406a20
0x00406a23
0x00000000
0x00000000
0x00406a2b
0x00406a2e
0x00406a31
0x00406a33
0x00406a35
0x00406a35
0x00406a36
0x00406a39
0x00406a40
0x00406a43
0x00406a51
0x00000000
0x00000000
0x00406d27
0x00406d27
0x00406d2a
0x00406d31
0x00000000
0x00000000
0x00406d36
0x00406d36
0x00406d3a
0x00406e72
0x00000000
0x00406e72
0x00406d40
0x00406d43
0x00406d46
0x00406d4a
0x00406d4d
0x00406d53
0x00406d55
0x00406d55
0x00406d55
0x00406d58
0x00406d5b
0x00406d5b
0x00406d5b
0x00406d5b
0x00406d5e
0x00406d5e
0x00406d62
0x00406dc2
0x00406dc5
0x00406dca
0x00406dcb
0x00406dcd
0x00406dcf
0x00406dd2
0x00000000
0x00406dd2
0x00406d64
0x00406d6a
0x00406d6d
0x00406d70
0x00406d73
0x00406d76
0x00406d79
0x00406d7c
0x00406d7f
0x00406d82
0x00406d85
0x00406d9e
0x00406da1
0x00406da4
0x00406da7
0x00406dab
0x00406dad
0x00406dad
0x00406dae
0x00406db1
0x00406d87
0x00406d87
0x00406d8f
0x00406d94
0x00406d96
0x00406d99
0x00406d99
0x00406db4
0x00406dbb
0x00000000
0x00406dbd
0x00000000
0x00406dbd
0x00000000
0x00406a59
0x00406a5c
0x00406a92
0x00406bc2
0x00406bc2
0x00406bc2
0x00406bc2
0x00406bc5
0x00406bc5
0x00406bc8
0x00406bca
0x00406e54
0x00000000
0x00406e54
0x00406bd0
0x00406bd3
0x00000000
0x00000000
0x00406bd9
0x00406bdd
0x00406be0
0x00406be0
0x00406be0
0x00000000
0x00406be0
0x00406a5e
0x00406a60
0x00406a62
0x00406a64
0x00406a67
0x00406a68
0x00406a6a
0x00406a6c
0x00406a6f
0x00406a72
0x00406a88
0x00406a8d
0x00406ac5
0x00406ac5
0x00406ac9
0x00406af5
0x00406af7
0x00406afe
0x00406b01
0x00406b04
0x00406b04
0x00406b09
0x00406b09
0x00406b0b
0x00406b0e
0x00406b15
0x00406b18
0x00406b45
0x00406b45
0x00406b48
0x00406b4b
0x00406bbf
0x00406bbf
0x00406bbf
0x00000000
0x00406bbf
0x00406b4d
0x00406b53
0x00406b56
0x00406b59
0x00406b5c
0x00406b5f
0x00406b62
0x00406b65
0x00406b68
0x00406b6b
0x00406b6e
0x00406b87
0x00406b89
0x00406b8c
0x00406b8d
0x00406b90
0x00406b92
0x00406b95
0x00406b97
0x00406b99
0x00406b9c
0x00406b9e
0x00406ba1
0x00406ba5
0x00406ba7
0x00406ba7
0x00406ba8
0x00406bab
0x00406bae
0x00406b70
0x00406b70
0x00406b78
0x00406b7d
0x00406b7f
0x00406b82
0x00406b82
0x00406bb1
0x00406bb8
0x00406b42
0x00406b42
0x00406b42
0x00406b42
0x00000000
0x00406bba
0x00000000
0x00406bba
0x00406bb8
0x00406acb
0x00406ace
0x00406ad0
0x00406ad3
0x00406ad6
0x00406ad9
0x00406adb
0x00406ade
0x00406ae1
0x00406ae1
0x00406ae4
0x00406ae4
0x00406ae7
0x00406aee
0x00406ac2
0x00406ac2
0x00406ac2
0x00406ac2
0x00000000
0x00406af0
0x00000000
0x00406af0
0x00406aee
0x00406a74
0x00406a77
0x00406a79
0x00406a7c
0x00000000
0x00000000
0x004067db
0x004067db
0x004067df
0x00406e24
0x00000000
0x00406e24
0x004067e5
0x004067e8
0x004067eb
0x004067ee
0x004067f1
0x004067f4
0x004067f7
0x004067f9
0x004067fc
0x004067ff
0x00406802
0x00406804
0x00406804
0x00406804
0x00000000
0x00000000
0x00000000
0x00000000
0x00406be3
0x00406be3
0x00406be3
0x00406be7
0x00000000
0x00000000
0x00406bed
0x00406bf0
0x00406bf3
0x00406bf6
0x00406bf8
0x00406bf8
0x00406bf8
0x00406bfb
0x00406bfe
0x00406c01
0x00406c04
0x00406c07
0x00406c0a
0x00406c0b
0x00406c0d
0x00406c0d
0x00406c0d
0x00406c10
0x00406c13
0x00406c16
0x00406c19
0x00406c1c
0x00406c20
0x00406c22
0x00406c25
0x00000000
0x00406c27
0x00000000
0x00406c27
0x00406c25
0x00406e5a
0x00000000
0x00000000
0x00406489

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fc8b0fe229dbff43726b3aa98382c4509895189392f9f8db1d3ee082f796570
Instruction ID: 583e61d198cc77022754fa770bf55cdcc509db116518bb017f27c6a68360c261
Opcode Fuzzy Hash: 7fc8b0fe229dbff43726b3aa98382c4509895189392f9f8db1d3ee082f796570
Instruction Fuzzy Hash: B9814471D04229DBDF24CFA8C884BADBBB1FF44305F25816AD446BB281C7389A96DF54

Uniqueness

Uniqueness Score: -1.00%

Function 00406447, Relevance: 5.2, APIs: 4, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27bf3f2d71280db305e6514bcdeee96470c11e7b3e186f58d433be2447d111a6
Instruction ID: 20cbf149701654aecfc40dff313aa48f1da8dd35a22a44c357500b5e58bb095b
Opcode Fuzzy Hash: 27bf3f2d71280db305e6514bcdeee96470c11e7b3e186f58d433be2447d111a6
Instruction Fuzzy Hash: 1B816571D04229DBDF28CFA8C844BADBBB0FF44305F21816AD856BB281C7785A96DF54

Uniqueness

Uniqueness Score: -1.00%

Function 00406895, Relevance: 5.2, APIs: 4, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7de7d62d5bd7f5964df27a39736f706d5b0cb98cf3e46e90e0dfc1ab4ed8f1c
Instruction ID: 803a34037b0f7f5be0b8e0f61a876c36f0b5510bb0b2ab0f73e67388892f039f
Opcode Fuzzy Hash: f7de7d62d5bd7f5964df27a39736f706d5b0cb98cf3e46e90e0dfc1ab4ed8f1c
Instruction Fuzzy Hash: 95710471D04229DBDF24CFA8C8447ADBBB1FB44305F15806AD846BB281D7385A96DF54

Uniqueness

Uniqueness Score: -1.00%

Function 004069B3, Relevance: 5.2, APIs: 4, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e17704cfcf72c8df979941797e4b0b3defb04d6abbfe177bdd58f92bded9ed7
Instruction ID: ad71f402e4a9b92a37c553ea73d368b4d72ad24497358f0b079e3127edd250f9
Opcode Fuzzy Hash: 8e17704cfcf72c8df979941797e4b0b3defb04d6abbfe177bdd58f92bded9ed7
Instruction Fuzzy Hash: 5D713571D04229DBDF28CF98C844BADBBB1FF44305F15806AD856BB281C7389A96DF54

Uniqueness

Uniqueness Score: -1.00%

Function 004068FF, Relevance: 5.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 721cf2a7e84b7ceee3b40c5675287f3d3981b6f25cb9f163efdac731e148116f
Instruction ID: 5c7df32a9af3fd0bcd177ef93077855236352ac101eaea0ca8dc2b1de7da3dc3
Opcode Fuzzy Hash: 721cf2a7e84b7ceee3b40c5675287f3d3981b6f25cb9f163efdac731e148116f
Instruction Fuzzy Hash: B5715571D04229DBEF28CF98C844BADBBB1FF44305F15806AD842BB281C7389A96DF44

Uniqueness

Uniqueness Score: -1.00%

Function 004023D6, Relevance: 4.6, APIs: 3, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00409BE8,00000023,00000011,00000002), ref: 00402421
RegSetValueExA.KERNEL32(?,?,?,?,00409BE8,00000000,00000011,00000002), ref: 0040245E
RegCloseKey.ADVAPI32(?,?,?,00409BE8,00000000,00000011,00000002), ref: 00402542

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CloseValuelstrlen
String ID:
API String ID: 2655323295-0
Opcode ID: 2bc70051c4650a96d1eb6b557fc8345eae1fa602d506a92a03f92bc36fac16b8
Instruction ID: 1fc307ab1697ef986dd5cd2868f3fef353c7a70d956ff55dcab5481d81c0b37e
Opcode Fuzzy Hash: 2bc70051c4650a96d1eb6b557fc8345eae1fa602d506a92a03f92bc36fac16b8
Instruction Fuzzy Hash: E2119371E00115BEDF10EFA5DE49AAEBA74EB54318F20843BF504F71D1C6B95D419B28

Uniqueness

Uniqueness Score: -1.00%

Function 004056EA, Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00405ADE: GetFileAttributesA.KERNEL32(?,?,004056F6,?,?,00000000,004058D9,?,?,?,?), ref: 00405AE3
Part of subcall function 00405ADE: SetFileAttributesA.KERNEL32(?,00000000), ref: 00405AF7

RemoveDirectoryA.KERNEL32(?,?,?,00000000,004058D9), ref: 00405705
DeleteFileA.KERNEL32(?,?,?,00000000,004058D9), ref: 0040570D
SetFileAttributesA.KERNEL32(?,00000000), ref: 00405725

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: File$Attributes$DeleteDirectoryRemove
String ID:
API String ID: 1655745494-0
Opcode ID: 4526b13c13977a81b347ddf21e43b981b877d45027d35de2861a06aa596b0a5f
Instruction ID: 00cd3eab12882a3f19659206189ea3ab42d92ca9329beb30f1c3f95a05fa073d
Opcode Fuzzy Hash: 4526b13c13977a81b347ddf21e43b981b877d45027d35de2861a06aa596b0a5f
Instruction Fuzzy Hash: E5E02B31229A91D6C22077749D08A5F2ED8DFC6364F050A36F452F31D0D37888079A7F

Uniqueness

Uniqueness Score: -1.00%

Function 00406377, Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,00000064), ref: 00406388
WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 0040639D
GetExitCodeProcess.KERNEL32 ref: 004063AA

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: ObjectSingleWait$CodeExitProcess
String ID:
API String ID: 2567322000-0
Opcode ID: 3fc5be53c9690b6a646de8aa25a9e0199d8a61bbccea04230adebb2fbe6478e9
Instruction ID: 0cd4ec7952b05a248ebb9965792abe1936208e1f1afb4a0845a4287efd2e2f9a
Opcode Fuzzy Hash: 3fc5be53c9690b6a646de8aa25a9e0199d8a61bbccea04230adebb2fbe6478e9
Instruction Fuzzy Hash: D3E09231A00118BBDB009B45CC01E9E7B6EDB44700F114033FA05B61A0D6B1AE219AE5

Uniqueness

Uniqueness Score: -1.00%

Function 00403FE2, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 00404000

Strings

x, xrefs: 00403FE2

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: MessageSend
String ID: x
API String ID: 3850602802-2363233923
Opcode ID: 4abed480df06463fe70b265df910d27f296d08dbe05985cee4a365d3d87faa03
Instruction ID: 9402124811725ca1a17dce1b4f62370aade9c0de9cdbc8c055a01be29c05fafa
Opcode Fuzzy Hash: 4abed480df06463fe70b265df910d27f296d08dbe05985cee4a365d3d87faa03
Instruction Fuzzy Hash: B2C012B1A44201BADB254F80DE04F067A70FBA0703F21D039F341210B0C2B11522EB2D

Uniqueness

Uniqueness Score: -1.00%

Function 00402473, Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024A3
RegCloseKey.ADVAPI32(?,?,?,00409BE8,00000000,00000011,00000002), ref: 00402542

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CloseQueryValue
String ID:
API String ID: 3356406503-0
Opcode ID: eb8bea9d3f6ae501a89729f0797859f252af8d4ba9ab62eb5c29bba9df69cc4b
Instruction ID: 797b5721f9f96c9af8eba6c362a28f779825b0d179cdb3fb2efbf2dc45e8c0c9
Opcode Fuzzy Hash: eb8bea9d3f6ae501a89729f0797859f252af8d4ba9ab62eb5c29bba9df69cc4b
Instruction Fuzzy Hash: 4F11C471A05205FEDB15CF64DA989AEBAB49F00348F20843FE545B62C0D2B84A81DB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageA.USER32 ref: 004013F4

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 3be8b2c82b9d5296ba031bde5fc3ac6967fc1ef6e00b1cb2986e69e81292ed92
Instruction ID: 2eeecbca978bd34a3a2c87f0a48c5f542c226d41099ae67583a71d3d142e8862
Opcode Fuzzy Hash: 3be8b2c82b9d5296ba031bde5fc3ac6967fc1ef6e00b1cb2986e69e81292ed92
Instruction Fuzzy Hash: 80012831724210ABE7294B389D04B6A369CE710328F11823BF811F72F1D6B8DC42DB4D

Uniqueness

Uniqueness Score: -1.00%

Function 00402381, Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON

Download Yara Rule

APIs

RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 004023A2
RegCloseKey.ADVAPI32(00000000), ref: 004023AB

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CloseDeleteValue
String ID:
API String ID: 2831762973-0
Opcode ID: e52abd4e0174ce3b76bb68f1c379d5c93953ff2c69c58b640d2bcd16652b4586
Instruction ID: b5e441b27b73f145435eebc05e6f2b3deee3722b7b5d1586dbbfb91a11b86f75
Opcode Fuzzy Hash: e52abd4e0174ce3b76bb68f1c379d5c93953ff2c69c58b640d2bcd16652b4586
Instruction Fuzzy Hash: A5F09C72B00111ABD711AFE49A8EABE76A49B40314F25453FF602B71C1D6FC5E02876E

Uniqueness

Uniqueness Score: -1.00%

Function 00405163, Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00405173

Part of subcall function 00404055: SendMessageA.USER32 ref: 00404067

OleUninitialize.OLE32(00000404,00000000), ref: 004051BF

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: InitializeMessageSendUninitialize
String ID:
API String ID: 2896919175-0
Opcode ID: 32e1502466aff615d9c0023bab56d084f3c19bdf54b3c32078aed143cf35a7f3
Instruction ID: fa2c611e1d2c0f664eb11af45bb1989af5f8432931924c4ef655412455d753e9
Opcode Fuzzy Hash: 32e1502466aff615d9c0023bab56d084f3c19bdf54b3c32078aed143cf35a7f3
Instruction Fuzzy Hash: E1F0F0F6A00201BFEB212B44AC00B1773B0DBC0702F45803AFF04B62E0923D58028A1D

Uniqueness

Uniqueness Score: -1.00%

Function 00406302, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,?,00403249,0000000A), ref: 00406314
GetProcAddress.KERNEL32(00000000,?), ref: 0040632F

Part of subcall function 00406294: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004062AB
Part of subcall function 00406294: wsprintfA.USER32 ref: 004062E4
Part of subcall function 00406294: LoadLibraryExA.KERNEL32(?,00000000,00000008), ref: 004062F8

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: e3eb2b64292a1dc6e1ff803c1c8bcb3d8649d8f5040aa353a247b19c86812e57
Instruction ID: 7792f7d89acf823de2699a2c6bb45250695d03a410eb934ddee53f05324a8379
Opcode Fuzzy Hash: e3eb2b64292a1dc6e1ff803c1c8bcb3d8649d8f5040aa353a247b19c86812e57
Instruction Fuzzy Hash: D2E08C32A08221ABD3106B74AD0493B73E8DB99740702487EFA06F2180D738EC2296A9

Uniqueness

Uniqueness Score: -1.00%

Function 00405B03, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000003,00402DA3,C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe,80000000,00000003), ref: 00405B07
CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B29

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 3bf94be8ffed2da7c2b8ff60cd5efa52f63dfdc5f5010c3a9122643b4e997265
Instruction ID: 2f873e3f3c43f12a3908621a4267836d753c9203ad123c8b10a06e7f93ada197
Opcode Fuzzy Hash: 3bf94be8ffed2da7c2b8ff60cd5efa52f63dfdc5f5010c3a9122643b4e997265
Instruction Fuzzy Hash: C7D09E31658201EFEF098F20DD16F2EBBA2EB84B00F10962CB642944E0D6715815AB16

Uniqueness

Uniqueness Score: -1.00%

Function 00405ADE, Relevance: 3.0, APIs: 2, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,?,004056F6,?,?,00000000,004058D9,?,?,?,?), ref: 00405AE3
SetFileAttributesA.KERNEL32(?,00000000), ref: 00405AF7

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 7ab00c422df54d36d0d1c47ad5130eeae7fd73d224c9059dc67d6d60f2aac68c
Instruction ID: b7bec259a7406421912cbc46aebe03861170fd98e68390908d479edd226f6e0d
Opcode Fuzzy Hash: 7ab00c422df54d36d0d1c47ad5130eeae7fd73d224c9059dc67d6d60f2aac68c
Instruction Fuzzy Hash: E5D01272908121BFC2112728ED0C89BBF95DB543B1702CB31FD79A26F0E7304C52AAA5

Uniqueness

Uniqueness Score: -1.00%

Function 004036BE, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 11COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(FFFFFFFF,004034F5,?,?,00000006,00000008,0000000A), ref: 004036C9

Strings

C:\Users\user\AppData\Local\Temp\nseBA51.tmp\, xrefs: 004036DD

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CloseHandle
String ID: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\
API String ID: 2962429428-4251059141
Opcode ID: 74bbd10c700ad04cd4501273d328f723aec36b298a8b384acbe559924b06b6a2
Instruction ID: 396606c85901c53f59bd577b7c6b05ad80c12e20c965e706032c1b0f9cf5384f
Opcode Fuzzy Hash: 74bbd10c700ad04cd4501273d328f723aec36b298a8b384acbe559924b06b6a2
Instruction Fuzzy Hash: 54C02230A0420093D1302F74ED4B9043A146740331BA00731F479B20F2C33C2A41446E

Uniqueness

Uniqueness Score: -1.00%

Function 004055D4, Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(?,00000000,004031C9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033E8,?,00000006,00000008,0000000A), ref: 004055DA
GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 004055E8

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: 6853200a5fdab59dd982fbc96a9ce2e8b021ac935e945b0af5f1b11de4538164
Instruction ID: 176dbb695fa69d1773a7d690fb999828ada584b34c1629d79551d48c85d86b1a
Opcode Fuzzy Hash: 6853200a5fdab59dd982fbc96a9ce2e8b021ac935e945b0af5f1b11de4538164
Instruction Fuzzy Hash: E1C08C30608101BBD6000B318D09B073A56AB00340F1084356002E00F4C6309100C93F

Uniqueness

Uniqueness Score: -1.00%

Function 00401EE1, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 00405091: lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030CC,00000000,?), ref: 004050CA
Part of subcall function 00405091: lstrlenA.KERNEL32(004030CC,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030CC,00000000), ref: 004050DA
Part of subcall function 00405091: lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,004030CC,004030CC,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,00000000,0040E8C0,00000000), ref: 004050ED
Part of subcall function 00405091: SetWindowTextA.USER32(C:\Users\user\AppData\Local\Temp\nseBA51.tmp\,C:\Users\user\AppData\Local\Temp\nseBA51.tmp\), ref: 004050FF
Part of subcall function 00405091: SendMessageA.USER32 ref: 00405125
Part of subcall function 00405091: SendMessageA.USER32 ref: 0040513F
Part of subcall function 00405091: SendMessageA.USER32 ref: 0040514D

Part of subcall function 00405609: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421510,Error launching installer), ref: 00405632
Part of subcall function 00405609: CloseHandle.KERNEL32(?), ref: 0040563F

FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?), ref: 00401F26

Part of subcall function 00406377: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406388
Part of subcall function 00406377: GetExitCodeProcess.KERNEL32 ref: 004063AA

Part of subcall function 00405EC8: wsprintfA.USER32 ref: 00405ED5

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
String ID:
API String ID: 1543427666-0
Opcode ID: 606bc4ef278eb87451e9da77045cac63f10bc39193d905996974b1c3ca6b9875
Instruction ID: 32de20b71fe76748aa3203260af1f6e6d1aa6a8cdf539137afe47288bf79fb4e
Opcode Fuzzy Hash: 606bc4ef278eb87451e9da77045cac63f10bc39193d905996974b1c3ca6b9875
Instruction Fuzzy Hash: B8F0BB72A05162E7CF20AFA559898DF65B4DF40319B20057FF501B31D1C77C4E4286AF

Uniqueness

Uniqueness Score: -1.00%

Function 00405E1E, Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402B7C,00000000,?,?), ref: 00405E47

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: c5562a190e42d8950a0f575b3a357be24d756bd6a7e1ac790deddfd4386432da
Instruction ID: 614deb5803ecfea412708c7c06f6093feae3e2eaa5d1670ea64157aa9e0e4aa4
Opcode Fuzzy Hash: c5562a190e42d8950a0f575b3a357be24d756bd6a7e1ac790deddfd4386432da
Instruction Fuzzy Hash: 1AE0ECB201454DBFEF095F90ED0ADBB371DEB14310F00492EFA16E40A0F6B5A920AA75

Uniqueness

Uniqueness Score: -1.00%

Function 00405B7B, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040318B,00000000,00000000,00402FE8,000000FF,00000004,00000000,00000000,00000000), ref: 00405B8F

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 1302354f14da4ac18fdfad316f10263800e98e90a47707ba9ec6b51f8bbd6d6c
Instruction ID: 82daff948be82a3a54a064a8b67bdb156262b24a8193569c828015c470817b44
Opcode Fuzzy Hash: 1302354f14da4ac18fdfad316f10263800e98e90a47707ba9ec6b51f8bbd6d6c
Instruction Fuzzy Hash: AFE0EC3265425AABDF509E559C00BEB7BACEB453A0F008832F915E3190D235F9219BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00405BAA, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,00000020,?,00403159,00000000,0040A8C0,00000020,0040A8C0,00000020,000000FF,00000004,00000000), ref: 00405BBE

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: c136fe23a15198738cdde8d9ae5bd390bad499becbb6fab094427491a2b8e812
Instruction ID: 29870a228079f63f45527f16aa4763e95840d14b1a08b3071f6f7043dbe3ced8
Opcode Fuzzy Hash: c136fe23a15198738cdde8d9ae5bd390bad499becbb6fab094427491a2b8e812
Instruction Fuzzy Hash: EBE0EC3261429AABDF109F559C00EEB7B6CEB05361F144832FD15E6150E271F8219BB5

Uniqueness

Uniqueness Score: -1.00%

Function 00405DF0, Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(00000000,?,00000000,004226A0,004226A0,?,004226A0,?,00405E7E,?,?,-000010B8,-000010B8,00000002,-000010B8), ref: 00405E14

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 688c0e3dac6200a4dcf5f70578aed2939ff3afbafb421f65443b8838c7a2b092
Instruction ID: ba5dad521a6b40c9e54b5391ff095803b52aec86cb211a8a265cc86c886d2883
Opcode Fuzzy Hash: 688c0e3dac6200a4dcf5f70578aed2939ff3afbafb421f65443b8838c7a2b092
Instruction Fuzzy Hash: 2AD0123214460DBBDF115F90EC05FAB371DFB14311F004426FE45A4091D375D670AB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040159D, Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNEL32(00000000,?,000000F0), ref: 004015A8

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: df0c4868b8f5e0a15e0aad09ae5e8ad91aee1276abd3d8c53a65693304450b05
Instruction ID: 6b6e43e0d42c625d8266bfea82bd0fe16559fb602912bc7a2e5d3c6a4b8464c0
Opcode Fuzzy Hash: df0c4868b8f5e0a15e0aad09ae5e8ad91aee1276abd3d8c53a65693304450b05
Instruction Fuzzy Hash: 4ED012B2704111ABCF10DBE89A489DDB7A49B40329B308537D111F21D0D2B98A45A72E

Uniqueness

Uniqueness Score: -1.00%

Function 00405D49, Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

MoveFileExA.KERNEL32(?,?,00000005(MOVEFILE_REPLACE_EXISTING|MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00405D53

Part of subcall function 00405BD9: CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405D6A,?,?), ref: 00405C0A
Part of subcall function 00405BD9: GetShortPathNameA.KERNEL32(?,00421A98,00000400), ref: 00405C13
Part of subcall function 00405BD9: GetShortPathNameA.KERNEL32(?,00421E98,00000400), ref: 00405C30
Part of subcall function 00405BD9: wsprintfA.USER32 ref: 00405C4E
Part of subcall function 00405BD9: GetFileSize.KERNEL32(00000000,00000000,00421E98,C0000000,00000004,00421E98,?,?,?,?,?), ref: 00405C89
Part of subcall function 00405BD9: GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405C98
Part of subcall function 00405BD9: lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CD0
Part of subcall function 00405BD9: SetFilePointer.KERNEL32(004093B8,00000000,00000000,00000000,00000000,00421698,00000000,-0000000A,004093B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405D26
Part of subcall function 00405BD9: GlobalFree.KERNEL32 ref: 00405D37

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: File$GlobalNamePathShort$AllocCloseFreeHandleMovePointerSizelstrcpywsprintf
String ID:
API String ID: 299535525-0
Opcode ID: a7c86fb983e4a2a6b39add72e13c44e1fb896256edc90134224cd530a86ba537
Instruction ID: a26933083b4c0f9a0fa58553d7c0e54d140117203494a92baae2d10ee0292597
Opcode Fuzzy Hash: a7c86fb983e4a2a6b39add72e13c44e1fb896256edc90134224cd530a86ba537
Instruction Fuzzy Hash: 26D09E31118641AEDA111B11EC05A1B7BB1FB91355F10C42AF185500B1E7359451DF15

Uniqueness

Uniqueness Score: -1.00%

Function 00404009, Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetDlgItemTextA.USER32 ref: 00404023

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: ItemText
String ID:
API String ID: 3367045223-0
Opcode ID: 54d02c50c7e2296ddc8c34b1165c5deb25cf1e81ae88b04e05fefa6a0fdd8374
Instruction ID: 949d117cf3dd3f54baa00a1886a883e9003fccaf101d35cf0c4e59632c7dfeb9
Opcode Fuzzy Hash: 54d02c50c7e2296ddc8c34b1165c5deb25cf1e81ae88b04e05fefa6a0fdd8374
Instruction Fuzzy Hash: 0BC04C75148700BFD641A755CC42F1FB799EFA4316F44C92EB55CA61D2CA3988209A2A

Uniqueness

Uniqueness Score: -1.00%

Function 00404055, Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 00404067

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 875450fc840247aea6e73403ee44149e02d5474b467ece0a28835bfda1230da9
Instruction ID: b219db4bd4a8167c49179a39135beeb084f81f4a85e7e9c76e455f2dfd64676a
Opcode Fuzzy Hash: 875450fc840247aea6e73403ee44149e02d5474b467ece0a28835bfda1230da9
Instruction Fuzzy Hash: C6C09B717443007BEA31CB609D49F0777586B90B00F5584357311F50D0C6B4E451D62D

Uniqueness

Uniqueness Score: -1.00%

Function 0040403E, Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 0040404C

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 3bdb3c033a7d800f3f5983e71921b41162ac414239058931643885a1338ef954
Instruction ID: 7b5ccc39adf6f72de5191684d4495c6b43ffe58f78915606d69c4a7e6f44d702
Opcode Fuzzy Hash: 3bdb3c033a7d800f3f5983e71921b41162ac414239058931643885a1338ef954
Instruction Fuzzy Hash: F3B092B5684200BAEE224B40DD09F457EA2E7A4702F008024B300240B0C6B200A1DB19

Uniqueness

Uniqueness Score: -1.00%

Function 0040318E, Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(00000000,00000000,00000000,00402F2A,?), ref: 0040319C

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D

Uniqueness

Uniqueness Score: -1.00%

Function 0040402B, Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00403E07), ref: 00404035

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 12c11760972377b051275edfb0549e2da63da5a0a3d5c66f9a0e944dd115ee42
Instruction ID: 627edf876ec6fe827e8ded8b6e0f84c3e1bff33d3b07c91bc4a796ca35ff40dd
Opcode Fuzzy Hash: 12c11760972377b051275edfb0549e2da63da5a0a3d5c66f9a0e944dd115ee42
Instruction Fuzzy Hash: CAA00176808101ABCB029B50FF09D9ABF62ABA5705B028435E65694174C7325865FF1A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00404A0E, Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 481
windowmemoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 96%

			E00404A0E(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed char* _v28;
				long _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				signed char* _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t192;
				int _t194;
				intOrPtr _t195;
				intOrPtr _t197;
				long _t201;
				signed int _t205;
				signed int _t216;
				void* _t219;
				void* _t220;
				int _t226;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t239;
				signed int _t241;
				signed char _t242;
				signed char _t248;
				void* _t252;
				void* _t254;
				signed char* _t270;
				signed char _t271;
				long _t273;
				long _t276;
				int _t277;
				int _t282;
				signed int _t283;
				long _t284;
				signed int _t287;
				signed int _t294;
				int _t295;
				int _t296;
				signed char* _t302;
				struct HWND__* _t306;
				int _t307;
				signed int* _t308;
				int _t309;
				long _t310;
				signed int _t311;
				void* _t313;
				long _t314;
				int _t315;
				signed int _t316;
				void* _t318;

				_t306 = _a4;
				_v12 = GetDlgItem(_t306, 0x3f9);
				_v8 = GetDlgItem(_t306, 0x408);
				_t318 = SendMessageA;
				_v20 =  *0x423748;
				_t282 = 0;
				_v24 =  *0x423714 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t285 = _a16;
					} else {
						_a12 = _t282;
						_t285 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t285;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t285 + 4)) == 0x408) {
							if(( *0x42371d & 0x00000002) != 0) {
								L41:
								if(_v16 != _t282) {
									_t231 = _v16;
									if( *((intOrPtr*)(_t231 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t282,  *(_t231 + 0x5c));
									}
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6a) {
										_t285 = _v20;
										_t233 =  *(_t232 + 0x5c);
										if( *((intOrPtr*)(_t232 + 0xc)) != 2) {
											 *(_t233 * 0x418 + _t285 + 8) =  *(_t233 * 0x418 + _t285 + 8) & 0xffffffdf;
										} else {
											 *(_t233 * 0x418 + _t285 + 8) =  *(_t233 * 0x418 + _t285 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t285 = 0 | _a8 != 0x00000413;
								_t239 = E0040495C(_v8, _a8 != 0x413);
								_t311 = _t239;
								if(_t311 >= _t282) {
									_t88 = _v20 + 8; // 0x8
									_t285 = _t239 * 0x418 + _t88;
									_t241 =  *_t285;
									if((_t241 & 0x00000010) == 0) {
										if((_t241 & 0x00000040) == 0) {
											_t242 = _t241 ^ 0x00000001;
										} else {
											_t248 = _t241 ^ 0x00000080;
											if(_t248 >= 0) {
												_t242 = _t248 & 0x000000fe;
											} else {
												_t242 = _t248 | 0x00000001;
											}
										}
										 *_t285 = _t242;
										E0040117D(_t311);
										_a12 = _t311 + 1;
										_a16 =  !( *0x42371c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t285 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t282, _t282);
							}
							if(_a8 == 0x40b) {
								_t219 =  *0x41fcec; // 0x0
								if(_t219 != _t282) {
									ImageList_Destroy(_t219);
								}
								_t220 =  *0x41fd00; // 0x0
								if(_t220 != _t282) {
									GlobalFree(_t220);
								}
								 *0x41fcec = _t282;
								 *0x41fd00 = _t282;
								 *0x423780 = _t282;
							}
							if(_a8 != 0x40f) {
								L88:
								if(_a8 == 0x420 && ( *0x42371d & 0x00000001) != 0) {
									_t307 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t307);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t307);
								}
								goto L91;
							} else {
								E004011EF(_t285, _t282, _t282);
								_t192 = _a12;
								if(_t192 != _t282) {
									if(_t192 != 0xffffffff) {
										_t192 = _t192 - 1;
									}
									_push(_t192);
									_push(8);
									E004049DC();
								}
								if(_a16 == _t282) {
									L75:
									E004011EF(_t285, _t282, _t282);
									_t194 =  *0x41fd00; // 0x0
									_v32 = _t194;
									_t195 =  *0x423748;
									_v60 = 0xf030;
									_v20 = _t282;
									if( *0x42374c <= _t282) {
										L86:
										InvalidateRect(_v8, _t282, 1);
										_t197 =  *0x422edc; // 0x765a43
										if( *((intOrPtr*)(_t197 + 0x10)) != _t282) {
											E00404917(0x3ff, 0xfffffffb, E0040492F(5));
										}
										goto L88;
									}
									_t308 = _t195 + 8;
									do {
										_t201 =  *((intOrPtr*)(_v32 + _v20 * 4));
										if(_t201 != _t282) {
											_t287 =  *_t308;
											_v68 = _t201;
											_v72 = 8;
											if((_t287 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t308[4]);
												_t308[0] = _t308[0] & 0x000000fe;
											}
											if((_t287 & 0x00000040) == 0) {
												_t205 = (_t287 & 0x00000001) + 1;
												if((_t287 & 0x00000010) != 0) {
													_t205 = _t205 + 3;
												}
											} else {
												_t205 = 3;
											}
											_v64 = (_t205 << 0x0000000b | _t287 & 0x00000008) + (_t205 << 0x0000000b | _t287 & 0x00000008) | _t287 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t287 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t282,  &_v72);
										}
										_v20 = _v20 + 1;
										_t308 =  &(_t308[0x106]);
									} while (_v20 <  *0x42374c);
									goto L86;
								} else {
									_t309 = E004012E2( *0x41fd00);
									E00401299(_t309);
									_t216 = 0;
									_t285 = 0;
									if(_t309 <= _t282) {
										L74:
										SendMessageA(_v12, 0x14e, _t285, _t282);
										_a16 = _t309;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v24 + _t216 * 4)) != _t282) {
											_t285 = _t285 + 1;
										}
										_t216 = _t216 + 1;
									} while (_t216 < _t309);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L91;
						} else {
							_t226 = SendMessageA(_v12, 0x147, _t282, _t282);
							if(_t226 == 0xffffffff) {
								goto L91;
							}
							_t310 = SendMessageA(_v12, 0x150, _t226, _t282);
							if(_t310 == 0xffffffff ||  *((intOrPtr*)(_v24 + _t310 * 4)) == _t282) {
								_t310 = 0x20;
							}
							E00401299(_t310);
							SendMessageA(_a4, 0x420, _t282, _t310);
							_a12 = _a12 | 0xffffffff;
							_a16 = _t282;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v32 = 0;
					_v16 = 2;
					 *0x423780 = _t306;
					 *0x41fd00 = GlobalAlloc(0x40,  *0x42374c << 2);
					_t252 = LoadBitmapA( *0x423700, 0x6e);
					 *0x41fcf4 =  *0x41fcf4 | 0xffffffff;
					_t313 = _t252;
					 *0x41fcfc = SetWindowLongA(_v8, 0xfffffffc, E00405005);
					_t254 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x41fcec = _t254;
					ImageList_AddMasked(_t254, _t313, 0xff00ff);
					SendMessageA(_v8, 0x1109, 2,  *0x41fcec);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t313);
					_t314 = 0;
					do {
						_t260 =  *((intOrPtr*)(_v24 + _t314 * 4));
						if( *((intOrPtr*)(_v24 + _t314 * 4)) != _t282) {
							if(_t314 != 0x20) {
								_v16 = _t282;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t282, E00405F8C(_t282, _t314, _t318, _t282, _t260)), _t314);
						}
						_t314 = _t314 + 1;
					} while (_t314 < 0x21);
					_t315 = _a16;
					_t283 = _v16;
					_push( *((intOrPtr*)(_t315 + 0x30 + _t283 * 4)));
					_push(0x15);
					E00404009(_a4);
					_push( *((intOrPtr*)(_t315 + 0x34 + _t283 * 4)));
					_push(0x16);
					E00404009(_a4);
					_t316 = 0;
					_t284 = 0;
					if( *0x42374c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t302 = _v20 + 8;
						_v28 = _t302;
						do {
							_t270 =  &(_t302[0x10]);
							if( *_t270 != 0) {
								_v60 = _t270;
								_t271 =  *_t302;
								_t294 = 0x20;
								_v84 = _t284;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t294;
								_v40 = _t316;
								_v68 = _t271 & _t294;
								if((_t271 & 0x00000002) == 0) {
									if((_t271 & 0x00000004) == 0) {
										_t273 = SendMessageA(_v8, 0x1100, 0,  &_v84);
										_t295 =  *0x41fd00; // 0x0
										 *(_t295 + _t316 * 4) = _t273;
									} else {
										_t284 = SendMessageA(_v8, 0x110a, 3, _t284);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t276 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_t296 =  *0x41fd00; // 0x0
									_v32 = 1;
									 *(_t296 + _t316 * 4) = _t276;
									_t277 =  *0x41fd00; // 0x0
									_t284 =  *(_t277 + _t316 * 4);
								}
							}
							_t316 = _t316 + 1;
							_t302 =  &(_v28[0x418]);
							_v28 = _t302;
						} while (_t316 <  *0x42374c);
						if(_v32 != 0) {
							L20:
							if(_v16 != 0) {
								E0040403E(_v8);
								_t282 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E0040403E(_v12);
								L91:
								return E00404070(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}

0x00404a1d
0x00404a2e
0x00404a33
0x00404a3b
0x00404a41
0x00404a49
0x00404a57
0x00404a5a
0x00404c7a
0x00404c81
0x00404c95
0x00404c83
0x00404c85
0x00404c88
0x00404c89
0x00404c90
0x00404c90
0x00404ca1
0x00404caf
0x00404cb2
0x00404cc8
0x00404d3d
0x00404d40
0x00404d42
0x00404d4c
0x00404d5a
0x00404d5a
0x00404d5c
0x00404d66
0x00404d6c
0x00404d6f
0x00404d72
0x00404d8d
0x00404d74
0x00404d7e
0x00404d7e
0x00404d72
0x00404d66
0x00000000
0x00404d40
0x00404ccd
0x00404cd8
0x00404cdd
0x00404ce4
0x00404ce9
0x00404ced
0x00404cf8
0x00404cf8
0x00404cfc
0x00404d00
0x00404d04
0x00404d17
0x00404d06
0x00404d06
0x00404d0d
0x00404d13
0x00404d0f
0x00404d0f
0x00404d0f
0x00404d0d
0x00404d1b
0x00404d1d
0x00404d30
0x00404d33
0x00404d36
0x00404d36
0x00404d00
0x00000000
0x00404ced
0x00404ccf
0x00404cd6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00404d90
0x00404d90
0x00404d97
0x00404e08
0x00404e10
0x00404e18
0x00404e18
0x00404e21
0x00404e23
0x00404e2a
0x00404e2d
0x00404e2d
0x00404e33
0x00404e3a
0x00404e3d
0x00404e3d
0x00404e43
0x00404e49
0x00404e4f
0x00404e4f
0x00404e5c
0x00404fb2
0x00404fb9
0x00404fd6
0x00404fdc
0x00404fee
0x00404fee
0x00000000
0x00404e62
0x00404e64
0x00404e69
0x00404e6e
0x00404e73
0x00404e75
0x00404e75
0x00404e76
0x00404e77
0x00404e79
0x00404e79
0x00404e81
0x00404ec2
0x00404ec4
0x00404ec9
0x00404ed4
0x00404ed7
0x00404edc
0x00404ee3
0x00404ee6
0x00404f88
0x00404f8e
0x00404f94
0x00404f9c
0x00404fad
0x00404fad
0x00000000
0x00404f9c
0x00404eec
0x00404eef
0x00404ef5
0x00404efa
0x00404efc
0x00404efe
0x00404f04
0x00404f0b
0x00404f10
0x00404f17
0x00404f1a
0x00404f1a
0x00404f21
0x00404f2d
0x00404f31
0x00404f33
0x00404f33
0x00404f23
0x00404f25
0x00404f25
0x00404f53
0x00404f5f
0x00404f6e
0x00404f6e
0x00404f70
0x00404f73
0x00404f7c
0x00000000
0x00404e83
0x00404e8e
0x00404e91
0x00404e96
0x00404e98
0x00404e9c
0x00404eac
0x00404eb6
0x00404eb8
0x00404ebb
0x00000000
0x00000000
0x00000000
0x00000000
0x00404e9e
0x00404e9e
0x00404ea4
0x00404ea6
0x00404ea6
0x00404ea7
0x00404ea8
0x00000000
0x00404e9e
0x00404e81
0x00404e5c
0x00404d9f
0x00000000
0x00404db5
0x00404dbf
0x00404dc4
0x00000000
0x00000000
0x00404dd6
0x00404ddb
0x00404de7
0x00404de7
0x00404de9
0x00404df8
0x00404dfa
0x00404dfe
0x00404e01
0x00000000
0x00404e01
0x00404d9f
0x00404a60
0x00404a65
0x00404a6e
0x00404a75
0x00404a83
0x00404a8e
0x00404a94
0x00404aa2
0x00404ab6
0x00404abb
0x00404ac8
0x00404acd
0x00404ae3
0x00404af4
0x00404b01
0x00404b01
0x00404b04
0x00404b0a
0x00404b0c
0x00404b0f
0x00404b14
0x00404b19
0x00404b1b
0x00404b1b
0x00404b3b
0x00404b3b
0x00404b3d
0x00404b3e
0x00404b43
0x00404b46
0x00404b49
0x00404b4d
0x00404b52
0x00404b57
0x00404b5b
0x00404b60
0x00404b65
0x00404b67
0x00404b6f
0x00404c39
0x00404c4c
0x00000000
0x00404b75
0x00404b78
0x00404b7b
0x00404b7e
0x00404b7e
0x00404b84
0x00404b8a
0x00404b8d
0x00404b93
0x00404b94
0x00404b99
0x00404ba2
0x00404ba9
0x00404bac
0x00404baf
0x00404bb2
0x00404bee
0x00404c0f
0x00404c11
0x00404c17
0x00404bf0
0x00404bfd
0x00404bfd
0x00404bb4
0x00404bb7
0x00404bc6
0x00404bd0
0x00404bd2
0x00404bd8
0x00404bdf
0x00404be2
0x00404be7
0x00404be7
0x00404bb2
0x00404c1d
0x00404c1e
0x00404c2a
0x00404c2a
0x00404c37
0x00404c52
0x00404c56
0x00404c73
0x00404c78
0x00000000
0x00404c58
0x00404c5d
0x00404c66
0x00404ff0
0x00405002
0x00405002
0x00404c56
0x00000000
0x00404c37
0x00404b6f

APIs

GetDlgItem.USER32 ref: 00404A26
GetDlgItem.USER32 ref: 00404A31
GlobalAlloc.KERNEL32(00000040,?), ref: 00404A7B
LoadBitmapA.USER32 ref: 00404A8E
SetWindowLongA.USER32 ref: 00404AA7
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404ABB
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404ACD
SendMessageA.USER32 ref: 00404AE3
SendMessageA.USER32 ref: 00404AEF
SendMessageA.USER32 ref: 00404B01
DeleteObject.GDI32(00000000), ref: 00404B04
SendMessageA.USER32 ref: 00404B2F
SendMessageA.USER32 ref: 00404B3B
SendMessageA.USER32 ref: 00404BD0
SendMessageA.USER32 ref: 00404BFB
SendMessageA.USER32 ref: 00404C0F
GetWindowLongA.USER32 ref: 00404C3E
SetWindowLongA.USER32 ref: 00404C4C
ShowWindow.USER32(?,00000005), ref: 00404C5D
SendMessageA.USER32 ref: 00404D5A
SendMessageA.USER32 ref: 00404DBF
SendMessageA.USER32 ref: 00404DD4
SendMessageA.USER32 ref: 00404DF8
SendMessageA.USER32 ref: 00404E18
ImageList_Destroy.COMCTL32(00000000), ref: 00404E2D
GlobalFree.KERNEL32 ref: 00404E3D
SendMessageA.USER32 ref: 00404EB6
SendMessageA.USER32 ref: 00404F5F
SendMessageA.USER32 ref: 00404F6E
InvalidateRect.USER32(?,00000000,00000001), ref: 00404F8E
ShowWindow.USER32(?,00000000), ref: 00404FDC
GetDlgItem.USER32 ref: 00404FE7
ShowWindow.USER32(00000000), ref: 00404FEE

Strings

M, xrefs: 00404BB7
CZv, xrefs: 00404F94
, xrefs: 00404FC6
N, xrefs: 00404C98

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $CZv$M$N
API String ID: 1638840714-2151546992
Opcode ID: 93c98d4ec4668bcb2a28b794a0b84e11ead12c18dbcc0c9b8545a6ab8116134d
Instruction ID: e53edbee2b152b0549b5e4175851bd50996010034005c2ce37e30fc0cedab0f1
Opcode Fuzzy Hash: 93c98d4ec4668bcb2a28b794a0b84e11ead12c18dbcc0c9b8545a6ab8116134d
Instruction Fuzzy Hash: A50260B0900209AFEB20DF94DC85AAE7BB5FB84315F10817AF610B62E1D7799D42DF58

Uniqueness

Uniqueness Score: -1.00%

Function 0040449B, Relevance: 26.5, APIs: 10, Strings: 5, Instructions: 274
stringCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040449B(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed char _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed char* _t160;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;
				void* _t205;

				_t156 = __edx;
				_t82 =  *0x41f4e0; // 0x75be64
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + "1572996";
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040566A(0x3fb, _t146);
					E004061D4(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040566A(0x3fb, _t146);
							if(E004059F0(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405F6A(0x41ecd8, _t146);
							_t87 = E00406302(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405F6A(0x41ecd8, _t146);
								_t89 = E0040599B(0x41ecd8);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41ecd8,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41ecd8) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41ecd8,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405949(0x41ecd8);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160 - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41ecd8) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E0040492F(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x422edc; // 0x765a43
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E00404917(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41ecc8);
									} else {
										E00404852(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x4237c4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E0040402B(0 | _v8 == _t158);
								if(_v8 == _t158) {
									_t205 =  *0x41fcf8 - _t158; // 0x0
									if(_t205 == 0) {
										E004043F4();
									}
								}
								 *0x41fcf8 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x41fd08;
							_v60 = E004047EC;
							_v56 = _t146;
							_v68 = E00405F8C(_t146, 0x41fd08, _t166, 0x41f0e0, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405902(_t146);
								_t125 =  *((intOrPtr*)( *0x423714 + 0x11c));
								if( *((intOrPtr*)( *0x423714 + 0x11c)) != 0 && _t146 == "C:\\Users\\jones\\Wavesor Software\\WaveBrowser") {
									E00405F8C(_t146, 0x41fd08, _t166, 0, _t125);
									if(lstrcmpiA(0x4226a0, 0x41fd08) != 0) {
										lstrcatA(_t146, 0x4226a0);
									}
								}
								 *0x41fcf8 =  *0x41fcf8 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					} else {
						_a8 = 0x40f;
						goto L12;
					}
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E0040596F(_t146) != 0 && E0040599B(_t146) == 0) {
						E00405902(_t146);
					}
					 *0x422ed8 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00404009(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00404009(_t166);
					E0040403E(_t165);
					_t138 = E00406302(7);
					if(_t138 == 0) {
						L53:
						return E00404070(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}

0x0040449b
0x004044a1
0x004044a7
0x004044b4
0x004044c2
0x004044c5
0x004044cd
0x004044d3
0x004044d3
0x004044df
0x004044e2
0x00404550
0x00404557
0x0040462e
0x00404635
0x00404644
0x00404644
0x00404648
0x00404652
0x0040465f
0x00404661
0x00404661
0x0040466f
0x00404676
0x0040467d
0x00404680
0x004046b7
0x004046b9
0x004046bf
0x004046c4
0x004046c8
0x004046ca
0x004046ca
0x004046e6
0x00000000
0x004046e8
0x004046eb
0x004046f9
0x004046ff
0x00404700
0x00404703
0x00404706
0x00000000
0x00404706
0x00404682
0x00404684
0x00404688
0x00000000
0x00000000
0x00000000
0x00000000
0x0040468a
0x0040468a
0x00404697
0x0040469c
0x00000000
0x00000000
0x004046a0
0x004046a2
0x004046a2
0x004046aa
0x004046ac
0x004046af
0x004046b2
0x004046b5
0x00000000
0x00000000
0x00000000
0x00000000
0x004046b5
0x00404712
0x0040471c
0x0040471f
0x00404722
0x00404729
0x00404729
0x0040472b
0x0040472b
0x00404730
0x00404732
0x0040473a
0x00404741
0x00404743
0x0040474e
0x0040474e
0x00404743
0x00404755
0x0040475e
0x00404768
0x00404770
0x0040478b
0x00404772
0x0040477b
0x0040477b
0x00404770
0x00404790
0x00404795
0x0040479a
0x004047a3
0x004047a3
0x004047ac
0x004047ae
0x004047ae
0x004047ba
0x004047c2
0x004047c4
0x004047ca
0x004047cc
0x004047cc
0x004047ca
0x004047d1
0x00000000
0x004047d1
0x00404680
0x00404637
0x0040463e
0x00000000
0x00000000
0x00000000
0x0040463e
0x0040455d
0x00404566
0x00404580
0x00404585
0x0040458f
0x00404596
0x004045a2
0x004045a5
0x004045a8
0x004045af
0x004045b7
0x004045ba
0x004045be
0x004045c5
0x004045cd
0x00404627
0x004045cf
0x004045d0
0x004045d7
0x004045e1
0x004045e9
0x004045f6
0x0040460a
0x0040460e
0x0040460e
0x0040460a
0x00404613
0x00404620
0x00404620
0x004045cd
0x00000000
0x00404585
0x00404573
0x00000000
0x00404579
0x00404579
0x00000000
0x00404579
0x004044e4
0x004044f1
0x004044fa
0x00404507
0x00404507
0x0040450e
0x00404514
0x0040451d
0x00404520
0x00404523
0x0040452b
0x0040452e
0x00404531
0x00404537
0x0040453e
0x00404545
0x004047d7
0x004047e9
0x0040454b
0x0040454e
0x00000000
0x0040454e
0x00404545

APIs

GetDlgItem.USER32 ref: 004044EA
SetWindowTextA.USER32(00000000,?), ref: 00404514
SHBrowseForFolderA.SHELL32(?,0041F0E0,?), ref: 004045C5
CoTaskMemFree.OLE32(00000000), ref: 004045D0
lstrcmpiA.KERNEL32(004226A0,Wave Browser Setup: Completed,00000000,?,?), ref: 00404602
lstrcatA.KERNEL32(?,004226A0), ref: 0040460E
SetDlgItemTextA.USER32 ref: 00404620

Part of subcall function 0040566A: GetDlgItemTextA.USER32 ref: 0040567D

Part of subcall function 004061D4: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,004031B1,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033E8,?,00000006,00000008,0000000A), ref: 0040622C
Part of subcall function 004061D4: CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406239
Part of subcall function 004061D4: CharNextA.USER32(?,"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,004031B1,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033E8,?,00000006,00000008,0000000A), ref: 0040623E
Part of subcall function 004061D4: CharPrevA.USER32(?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,004031B1,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033E8,?,00000006,00000008,0000000A), ref: 0040624E

GetDiskFreeSpaceA.KERNEL32(0041ECD8,?,?,0000040F,?,0041ECD8,0041ECD8,?,00000001,0041ECD8,?,?,000003FB,?), ref: 004046DE
MulDiv.KERNEL32(?,0000040F,00000400), ref: 004046F9

Part of subcall function 00404852: lstrlenA.KERNEL32(Wave Browser Setup: Completed,Wave Browser Setup: Completed,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,0040476D,000000DF,00000000,00000400,?), ref: 004048F0
Part of subcall function 00404852: wsprintfA.USER32 ref: 004048F8
Part of subcall function 00404852: SetDlgItemTextA.USER32 ref: 0040490B

Strings

1572996, xrefs: 004044B4
CZv, xrefs: 00404755
A, xrefs: 004045BE
Wave Browser Setup: Completed, xrefs: 00404598, 004045FB
C:\Users\user\Wavesor Software\WaveBrowser, xrefs: 004045EB

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: 1572996$A$C:\Users\user\Wavesor Software\WaveBrowser$CZv$Wave Browser Setup: Completed
API String ID: 2624150263-906118996
Opcode ID: 03e8bc56e4921ad75bea8cd1f1782dda8109c9e19b56ba20b71ffa0d74a477b0
Instruction ID: 64b5da15ede57aab044e7fe1d22d086372aa44ea1ea65b7a694081baf4ac5fa5
Opcode Fuzzy Hash: 03e8bc56e4921ad75bea8cd1f1782dda8109c9e19b56ba20b71ffa0d74a477b0
Instruction Fuzzy Hash: 09A1A0B1900209ABDB11AFA5CC41AEFB7B8EF85314F14843BF611B72D1D77C8A418B69

Uniqueness

Uniqueness Score: -1.00%

Function 004020D1, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139
comCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E004020D1() {
				signed int _t55;
				void* _t59;
				intOrPtr* _t63;
				intOrPtr _t64;
				intOrPtr* _t65;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t75;
				intOrPtr* _t78;
				intOrPtr* _t80;
				intOrPtr* _t82;
				intOrPtr* _t84;
				int _t87;
				intOrPtr* _t95;
				signed int _t105;
				signed int _t109;
				void* _t111;

				 *(_t111 - 0x3c) = E00402ACB(0xfffffff0);
				 *(_t111 - 0xc) = E00402ACB(0xffffffdf);
				 *((intOrPtr*)(_t111 - 0x80)) = E00402ACB(2);
				 *((intOrPtr*)(_t111 - 0x7c)) = E00402ACB(0xffffffcd);
				 *((intOrPtr*)(_t111 - 0x34)) = E00402ACB(0x45);
				_t55 =  *(_t111 - 0x18);
				 *(_t111 - 0x88) = _t55 & 0x00000fff;
				_t105 = _t55 & 0x00008000;
				_t109 = _t55 >> 0x0000000c & 0x00000007;
				 *(_t111 - 0x78) = _t55 >> 0x00000010 & 0x0000ffff;
				if(E0040596F( *(_t111 - 0xc)) == 0) {
					E00402ACB(0x21);
				}
				_t59 = _t111 + 8;
				__imp__CoCreateInstance(0x407410, _t87, 1, 0x407400, _t59);
				if(_t59 < _t87) {
					L15:
					 *((intOrPtr*)(_t111 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t63 =  *((intOrPtr*)(_t111 + 8));
					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x407420, _t111 - 0x30);
					 *((intOrPtr*)(_t111 - 8)) = _t64;
					if(_t64 >= _t87) {
						_t67 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
						if(_t105 == _t87) {
							_t84 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\jones\\AppData\\Local\\Temp\\nseBA51.tmp");
						}
						if(_t109 != _t87) {
							_t82 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
						}
						_t69 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x78));
						_t95 =  *((intOrPtr*)(_t111 - 0x7c));
						if( *_t95 != _t87) {
							_t80 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x88));
						}
						_t71 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x80)));
						_t73 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x34)));
						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x3c), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
								_t78 =  *((intOrPtr*)(_t111 - 0x30));
								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
							}
						}
						_t75 =  *((intOrPtr*)(_t111 - 0x30));
						 *((intOrPtr*)( *_t75 + 8))(_t75);
					}
					_t65 =  *((intOrPtr*)(_t111 + 8));
					 *((intOrPtr*)( *_t65 + 8))(_t65);
					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
						_push(0xfffffff4);
					} else {
						goto L15;
					}
				}
				E00401423();
				 *0x4237a8 =  *0x4237a8 +  *((intOrPtr*)(_t111 - 4));
				return 0;
			}

0x004020da
0x004020e4
0x004020ee
0x004020f8
0x00402103
0x00402106
0x00402120
0x00402126
0x0040212c
0x0040212f
0x00402139
0x0040213d
0x0040213d
0x00402142
0x00402153
0x0040215b
0x00402234
0x00402234
0x0040223b
0x00402161
0x00402161
0x00402170
0x00402174
0x00402177
0x0040217d
0x0040218b
0x0040218e
0x00402190
0x0040219b
0x0040219b
0x004021a0
0x004021a2
0x004021a9
0x004021a9
0x004021ac
0x004021b5
0x004021b8
0x004021bd
0x004021bf
0x004021cc
0x004021cc
0x004021cf
0x004021d8
0x004021db
0x004021e4
0x004021ea
0x004021f1
0x0040220a
0x0040220c
0x0040221a
0x0040221a
0x0040220a
0x0040221d
0x00402223
0x00402223
0x00402226
0x0040222c
0x00402232
0x00402247
0x00000000
0x00000000
0x00000000
0x00402232
0x0040223d
0x0040295a
0x00402966

APIs

CoCreateInstance.OLE32(00407410,?,00000001,00407400,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402153
MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00407400,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402202

Strings

C:\Users\user\AppData\Local\Temp\nseBA51.tmp, xrefs: 00402193

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID: C:\Users\user\AppData\Local\Temp\nseBA51.tmp
API String ID: 123533781-261148512
Opcode ID: b6cce7b5fc8f413cb05d008d6efc400a78cc0e54adead5979a01876e38bd8550
Instruction ID: 6501524f140c77e19c8f4c8bf6c33f72b20f6566a7f2a320fdf5b89632137862
Opcode Fuzzy Hash: b6cce7b5fc8f413cb05d008d6efc400a78cc0e54adead5979a01876e38bd8550
Instruction Fuzzy Hash: EE5137B1A00208BFCB10DFE4C989A9D7BB5AF48318F2085AAF515EB2D1DA799941CF14

Uniqueness

Uniqueness Score: -1.00%

Function 004026FE, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040270D

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: db84967a17207f02c6d0b5dcd89b339aa32118489e577b3dc6649bab2232210f
Instruction ID: 595bc86bb0b87b603365eb58ea040ec14d9195657b0818bf84ef9d27f643e594
Opcode Fuzzy Hash: db84967a17207f02c6d0b5dcd89b339aa32118489e577b3dc6649bab2232210f
Instruction Fuzzy Hash: AAF0A772604151EAD700E7A499499EEB768CB15315F60457BE281F20C1C6B88A469B3E

Uniqueness

Uniqueness Score: -1.00%

Function 00404174, Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 202
windowstringCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E00404174(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				intOrPtr _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x41ecd4 =  *0x41ecd4 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00404070(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x4226a0;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_push(1);
								E00404418(_a4, _v8);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423708, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423708, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x41ecd4 != 0) {
						goto L25;
					} else {
						_t103 =  *0x41f4e0; // 0x75be64
						_t25 = _t103 + 0x14; // 0x75be78
						_t112 = _t25;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E0040402B(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004043F4();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x422edc; // 0x765a43
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x423758;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040413F;
				E00404009(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00404009(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E0040402B( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E0040403E(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x423714 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				 *0x41ecd4 = 0;
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x41ecd4 = 0;
				return 0;
			}

0x00404184
0x004042a9
0x00404305
0x00404309
0x004043d6
0x004043d8
0x004043d8
0x004043de
0x004043de
0x004043e1
0x00000000
0x004043e8
0x00404317
0x00404319
0x00404323
0x0040432e
0x00404331
0x00404334
0x0040433f
0x00404342
0x00404349
0x00404357
0x0040436f
0x00404371
0x00404379
0x00404388
0x0040438a
0x0040438a
0x00404349
0x00404394
0x00000000
0x0040439f
0x004043a3
0x004043b4
0x004043b4
0x004043ba
0x004043c8
0x004043c8
0x00000000
0x004043cc
0x00404394
0x004042b4
0x00000000
0x004042c8
0x004042c8
0x004042ce
0x004042ce
0x004042d4
0x00000000
0x00000000
0x004042f9
0x004042fb
0x00404300
0x00000000
0x00404300
0x004042b4
0x0040418a
0x0040418d
0x00404192
0x00404194
0x004041a3
0x004041a3
0x004041aa
0x004041ad
0x004041af
0x004041b4
0x004041bd
0x004041c3
0x004041cf
0x004041d2
0x004041db
0x004041e0
0x004041e3
0x004041e8
0x004041ff
0x00404206
0x00404219
0x0040421c
0x00404231
0x00404238
0x0040423d
0x00404242
0x00404242
0x00404251
0x00404260
0x00404272
0x00404277
0x00404287
0x00404289
0x00000000

APIs

CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004041FF
GetDlgItem.USER32 ref: 00404213
SendMessageA.USER32 ref: 00404231
GetSysColor.USER32(?), ref: 00404242
SendMessageA.USER32 ref: 00404251
SendMessageA.USER32 ref: 00404260
lstrlenA.KERNEL32(?), ref: 00404263
SendMessageA.USER32 ref: 00404272
SendMessageA.USER32 ref: 00404287
GetDlgItem.USER32 ref: 004042E9
SendMessageA.USER32 ref: 004042EC
GetDlgItem.USER32 ref: 00404317
SendMessageA.USER32 ref: 00404357
LoadCursorA.USER32 ref: 00404366
SetCursor.USER32(00000000), ref: 0040436F
LoadCursorA.USER32 ref: 00404385
SetCursor.USER32(00000000), ref: 00404388
SendMessageA.USER32 ref: 004043B4
SendMessageA.USER32 ref: 004043C8

Strings

?A@, xrefs: 00404373
N, xrefs: 00404305
CZv, xrefs: 00404194

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
String ID: ?A@$CZv$N
API String ID: 3103080414-2710814475
Opcode ID: 073baeb7e2e56e8e61070ac22e94b8c547292f2e7e559fc5b4704c6dbdd391f8
Instruction ID: 58642e7cad261c001b024910741a92c2a1970d4d91afa6865c69404cbc82dd24
Opcode Fuzzy Hash: 073baeb7e2e56e8e61070ac22e94b8c547292f2e7e559fc5b4704c6dbdd391f8
Instruction Fuzzy Hash: F061B2B1A40209BFEB109F61DD45B6A7B69FB84715F008036FB04BA2D1C7B8A951CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423714;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x422f00, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423708;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}

0x0040100a
0x00401039
0x00401047
0x0040104d
0x00401051
0x0040105b
0x00401061
0x00401064
0x004010f3
0x00401089
0x0040108c
0x004010a6
0x004010bd
0x004010cc
0x004010cf
0x004010d5
0x004010d9
0x004010e4
0x004010ed
0x004010ef
0x004010ef
0x00401100
0x00401105
0x0040110d
0x00401110
0x00401112
0x00401118
0x0040111f
0x00401126
0x00401130
0x00401142
0x00401156
0x00401160
0x00401165
0x00401165
0x00401110
0x0040116e
0x00000000
0x00401178
0x00401010
0x00401013
0x00401015
0x0040101f
0x0040101f
0x00000000

APIs

DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32 ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32 ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectA.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextA.USER32(00000000,00422F00,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: 0195cc9bd3a679183555b6c9b2658d6023a39abd86bfcdd07458fb5c51006648
Instruction ID: d756f8073455ec7f94eaaa006bac723f94b68f9cc4de0a6a70f3062e944f429a
Opcode Fuzzy Hash: 0195cc9bd3a679183555b6c9b2658d6023a39abd86bfcdd07458fb5c51006648
Instruction Fuzzy Hash: 6E419B71804249AFCF058FA4CD459AFBFB9FF44310F00812AF961AA1A0C738EA50DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00405BD9, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129
memorystringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405BD9(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				CHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x421a98 = 0x4c554e;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x421e98, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x421698, "%s=%s\r\n", 0x421a98, 0x421e98);
						_t53 = _t52 + 0x10;
						E00405F8C(_t37, 0x400, 0x421e98, 0x421e98,  *((intOrPtr*)( *0x423714 + 0x128)));
						_t12 = E00405B03(0x421e98, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E00405B7B(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405A68(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405A68(_t38, _t21 + 0xa, 0x4093b8);
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405ABE(_t24 + _t46, 0x421698, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E00405BAA(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405B03(_t44, 0, 1));
					_t12 = GetShortPathNameA(_t44, 0x421a98, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}

0x00405bd9
0x00405be2
0x00405be9
0x00405bfd
0x00405c25
0x00405c30
0x00405c34
0x00405c54
0x00405c5b
0x00405c65
0x00405c72
0x00405c77
0x00405c7c
0x00405c80
0x00405c8f
0x00405c91
0x00405c9e
0x00405ca2
0x00405d3d
0x00000000
0x00405cb8
0x00405cc5
0x00405ce9
0x00405ced
0x00405d0c
0x00405d10
0x00405d10
0x00405d12
0x00405d1b
0x00405d26
0x00405d31
0x00405d37
0x00000000
0x00405d37
0x00405cef
0x00405cf2
0x00405cfd
0x00405cf9
0x00405cfb
0x00405cfc
0x00405cfc
0x00405d04
0x00405d06
0x00000000
0x00405d06
0x00405cd0
0x00405cd6
0x00000000
0x00405cd6
0x00405ca2
0x00405c80
0x00405bff
0x00405c0a
0x00405c13
0x00405c17
0x00000000
0x00000000
0x00405c17
0x00405d48

APIs

CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405D6A,?,?), ref: 00405C0A
GetShortPathNameA.KERNEL32(?,00421A98,00000400), ref: 00405C13

Part of subcall function 00405A68: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CC3,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A78
Part of subcall function 00405A68: lstrlenA.KERNEL32(00000000,?,00000000,00405CC3,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405AAA

GetShortPathNameA.KERNEL32(?,00421E98,00000400), ref: 00405C30
wsprintfA.USER32 ref: 00405C4E
GetFileSize.KERNEL32(00000000,00000000,00421E98,C0000000,00000004,00421E98,?,?,?,?,?), ref: 00405C89
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405C98
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CD0
SetFilePointer.KERNEL32(004093B8,00000000,00000000,00000000,00000000,00421698,00000000,-0000000A,004093B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405D26
GlobalFree.KERNEL32 ref: 00405D37
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405D3E

Part of subcall function 00405B03: GetFileAttributesA.KERNEL32(00000003,00402DA3,C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe,80000000,00000003), ref: 00405B07
Part of subcall function 00405B03: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B29

Strings

[Rename], xrefs: 00405CB8, 00405CCA
%s=%s, xrefs: 00405C44

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
String ID: %s=%s$[Rename]
API String ID: 2171350718-1727408572
Opcode ID: 7a3cbcd02f5254dce29d3f588390a4d70db6fad4625d33ef473b20247575bd2a
Instruction ID: 5deb0727307c374d823852481fd1d72290d2d80dc16b0ec149a77f792b4fa3ea
Opcode Fuzzy Hash: 7a3cbcd02f5254dce29d3f588390a4d70db6fad4625d33ef473b20247575bd2a
Instruction Fuzzy Hash: 0F31F231605B156BD6206B659C49F6B3AACDF45754F14043BBE01FA2D2E67CAC008EBD

Uniqueness

Uniqueness Score: -1.00%

Function 004061D4, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004061D4(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E0040596F(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E0040592D("*?|<>/\":", _t5))) == 0) {
							E00405ABE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}

0x004061d6
0x004061de
0x004061f2
0x004061f2
0x004061f8
0x00406205
0x00406205
0x00406206
0x00406208
0x0040620c
0x0040620e
0x00406217
0x00406219
0x00406233
0x0040623b
0x0040623b
0x00406240
0x00406242
0x00406244
0x00406248
0x00406249
0x0040624c
0x00406254
0x00406256
0x0040625a
0x00000000
0x00000000
0x00406260
0x00406265
0x00000000
0x00000000
0x00000000
0x00406265
0x0040626a

APIs

CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,004031B1,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033E8,?,00000006,00000008,0000000A), ref: 0040622C
CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406239
CharNextA.USER32(?,"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,004031B1,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033E8,?,00000006,00000008,0000000A), ref: 0040623E
CharPrevA.USER32(?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,004031B1,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033E8,?,00000006,00000008,0000000A), ref: 0040624E

Strings

"C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" , xrefs: 00406210
*?|<>/":, xrefs: 0040621C
C:\Users\user\AppData\Local\Temp\, xrefs: 004061D5

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Char$Next$Prev
String ID: "C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-3159843319
Opcode ID: 7d136cfff8c7bf043451e4c65a0ab86a2e72481698e5121a5e115d190c3ec359
Instruction ID: 78b5553556e1b29770c7274e4e8764cd0b55728b37568efcb800383df96c7a9c
Opcode Fuzzy Hash: 7d136cfff8c7bf043451e4c65a0ab86a2e72481698e5121a5e115d190c3ec359
Instruction Fuzzy Hash: FF11045180839029FB3226380C40BB76F994F6A760F1900BFE8D2722C2D67C5CA2976E

Uniqueness

Uniqueness Score: -1.00%

Function 00404070, Relevance: 12.1, APIs: 8, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404070(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}

0x00404082
0x00404138
0x00000000
0x00404138
0x00404093
0x00404097
0x00000000
0x004040b1
0x004040b1
0x004040ba
0x00000000
0x00000000
0x004040bc
0x004040c8
0x004040cb
0x004040cb
0x004040d1
0x004040d7
0x004040d7
0x004040e3
0x004040e9
0x004040f0
0x004040f3
0x004040f6
0x004040f8
0x004040f8
0x00404100
0x00404106
0x00404106
0x00404110
0x00404115
0x00404118
0x0040411d
0x00404120
0x00404120
0x00404130
0x00404130
0x00000000
0x00404133

APIs

GetWindowLongA.USER32 ref: 0040408D
GetSysColor.USER32(00000000), ref: 004040CB
SetTextColor.GDI32(?,00000000), ref: 004040D7
SetBkMode.GDI32(?,?), ref: 004040E3
GetSysColor.USER32(?), ref: 004040F6
SetBkColor.GDI32(?,?), ref: 00404106
DeleteObject.GDI32(?), ref: 00404120
CreateBrushIndirect.GDI32(?), ref: 0040412A

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: c86d0c104538bc307405f6e360d8371e1c040facf7e5af7d22035c6604205aa7
Instruction ID: dc807fd0e826fa60b9ec6720df696095df3ef071cd79e71149a0dd006d979902
Opcode Fuzzy Hash: c86d0c104538bc307405f6e360d8371e1c040facf7e5af7d22035c6604205aa7
Instruction Fuzzy Hash: D021B2709047059BCB309F28DC48A4BBBF8AF81715F048A2AFA96B62E0C334E844CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0040495C, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040495C(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}

0x0040496a
0x00404977
0x0040497d
0x004049bb
0x004049bb
0x004049ca
0x004049d1
0x00000000
0x004049d3
0x0040497f
0x0040498e
0x00404996
0x00404999
0x004049ab
0x004049b1
0x004049b8
0x00000000
0x004049b8
0x00000000

APIs

SendMessageA.USER32 ref: 00404977
GetMessagePos.USER32 ref: 0040497F
ScreenToClient.USER32 ref: 00404999
SendMessageA.USER32 ref: 004049AB
SendMessageA.USER32 ref: 004049D1

Strings

f, xrefs: 004049AD

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
Instruction ID: 064635845699c0f4496499246dda67b20ede28c923f9f6f9e3dc5f389f782763
Opcode Fuzzy Hash: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
Instruction Fuzzy Hash: 38015271D00219BADB01DBA4DD85BFFBBBCAF55711F10412BBA10B61C0D7B469018BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00401D9B, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E00401D9B(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402AA9(2);
				 *((intOrPtr*)(_t35 - 0x3c)) = _t30;
				0x40a7e8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40a7f8 = E00402AA9(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x3c)) = _t30;
				 *0x40a7ff = 1;
				 *0x40a7fc = _t15 & 0x00000001;
				 *0x40a7fd = _t15 & 0x00000002;
				 *0x40a7fe = _t15 & 0x00000004;
				E00405F8C(_t9, _t31, _t33, "MS Shell Dlg",  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectA(0x40a7e8);
				_push(_t18);
				_push(_t33);
				E00405EC8();
				 *0x4237a8 =  *0x4237a8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}

0x00401d9b
0x00401da6
0x00401da8
0x00401db5
0x00401dcc
0x00401dd1
0x00401dde
0x00401de3
0x00401de7
0x00401df2
0x00401df9
0x00401e0b
0x00401e11
0x00401e16
0x00401e20
0x0040257d
0x00401569
0x004028ff
0x0040295a
0x00402966

APIs

GetDC.USER32(?), ref: 00401D9E
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DB8
MulDiv.KERNEL32(00000000,00000000), ref: 00401DC0
ReleaseDC.USER32 ref: 00401DD1
CreateFontIndirectA.GDI32(0040A7E8), ref: 00401E20

Strings

MS Shell Dlg, xrefs: 00401E06

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID: MS Shell Dlg
API String ID: 3808545654-76309092
Opcode ID: 6a8c14db2f1d773d547e4ece9ff7750bd8912a8ea0f13da685b557514c98691f
Instruction ID: 85430ec79d7d493a62f5c90f0650e63f0d0faf8675fc45e27afe54df9b067c18
Opcode Fuzzy Hash: 6a8c14db2f1d773d547e4ece9ff7750bd8912a8ea0f13da685b557514c98691f
Instruction Fuzzy Hash: CD019271948341AFE7009BB0AE49E9A7FB4DB55305F108479F101BB2E2CA7841909F2F

Uniqueness

Uniqueness Score: -1.00%

Function 00402C7C, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402C7C(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x40a8b8; // 0xd600
					_t11 =  *0x4168c4; // 0x3d51c68
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}

0x00402c89
0x00402c97
0x00402c9d
0x00402c9d
0x00402cab
0x00402cad
0x00402cb3
0x00402cba
0x00402cbc
0x00402cbc
0x00402cd2
0x00402ce2
0x00402cf4
0x00402cf4
0x00402cfc

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C97
MulDiv.KERNEL32(0000D600,00000064,03D51C68), ref: 00402CC2
wsprintfA.USER32 ref: 00402CD2
SetWindowTextA.USER32(?,?), ref: 00402CE2
SetDlgItemTextA.USER32 ref: 00402CF4

Strings

verifying installer: %d%%, xrefs: 00402CCC

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: bae99d8ff7e2baad353350c7eaeb5d71397e6bffa89abe4dcb3f34ba705061ab
Instruction ID: 8c289f0fb36a9d27d262e5defce623c0a4e81db89a67886656150a2c4b5e1d8a
Opcode Fuzzy Hash: bae99d8ff7e2baad353350c7eaeb5d71397e6bffa89abe4dcb3f34ba705061ab
Instruction Fuzzy Hash: 00014F70944208BBEF249F60DD09EEE37A9EB04704F008039FA06B92E0D7B99955CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040273C, Relevance: 9.1, APIs: 6, Instructions: 86
memoryfileCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E0040273C(void* __ebx) {
				void* _t26;
				long _t31;
				void* _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
				_t50 = E00402ACB(0xfffffff0);
				 *(_t56 - 0x34) = _t23;
				if(E0040596F(_t50) == 0) {
					E00402ACB(0xffffffed);
				}
				E00405ADE(_t50);
				_t26 = E00405B03(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x423718;
					 *(_t56 - 0x30) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E0040318E(_t45);
						E00403178(_t49,  *(_t56 - 0x30));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x3c) = _t54;
						if(_t54 != _t45) {
							_push( *(_t56 - 0x20));
							_push(_t54);
							_push(_t45);
							_push( *((intOrPtr*)(_t56 - 0x24)));
							E00402F9C();
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x84) =  *_t54;
								E00405ABE( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x84);
							}
							GlobalFree( *(_t56 - 0x3c));
						}
						E00405BAA( *(_t56 + 8), _t49,  *(_t56 - 0x30));
						GlobalFree(_t49);
						_push(_t45);
						_push(_t45);
						_push( *(_t56 + 8));
						_push(0xffffffff);
						 *((intOrPtr*)(_t56 - 0xc)) = E00402F9C();
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileA( *(_t56 - 0x34));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x4237a8 =  *0x4237a8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}

0x0040273c
0x0040273e
0x0040274a
0x0040274d
0x00402757
0x0040275b
0x0040275b
0x00402761
0x0040276e
0x00402776
0x00402779
0x0040277f
0x0040278d
0x00402792
0x00402796
0x00402799
0x004027a2
0x004027ae
0x004027b2
0x004027b5
0x004027b7
0x004027ba
0x004027bb
0x004027bc
0x004027bf
0x004027e4
0x004027c6
0x004027cb
0x004027d3
0x004027d9
0x004027de
0x004027de
0x004027eb
0x004027eb
0x004027f8
0x004027fe
0x00402804
0x00402805
0x00402806
0x00402809
0x00402810
0x00402810
0x00402816
0x00402816
0x00402821
0x00402822
0x00402826
0x0040282a
0x00402830
0x00402830
0x00402837
0x0040223d
0x0040295a
0x00402966

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402790
GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 004027AC
GlobalFree.KERNEL32 ref: 004027EB
GlobalFree.KERNEL32 ref: 004027FE
CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402816
DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040282A

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: 944d5df4e2bd3612c872eafde47f1d1a1e97deb8d5b3e09ab1338a5e9f264a1b
Instruction ID: 69dabb1dc5664d4cb3e0aedb1da4cd8560a2ff3041f204a353ec2f52c38cd3f1
Opcode Fuzzy Hash: 944d5df4e2bd3612c872eafde47f1d1a1e97deb8d5b3e09ab1338a5e9f264a1b
Instruction Fuzzy Hash: 7C21BF71C00128BBCF206FA5CE49D9E7A79EF04364F14423AF410762E0C7791D009FA9

Uniqueness

Uniqueness Score: -1.00%

Function 00404852, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84
stringCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00404852(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405F8C(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405F8C(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405F8C(_t41, _t47, 0x41fd08, 0x41fd08, _a8);
				wsprintfA(_t32 + lstrlenA(0x41fd08), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x422ed8, _a4, 0x41fd08);
			}

0x00404858
0x0040485d
0x00404865
0x00404866
0x00404873
0x0040487b
0x0040487c
0x0040487e
0x00404880
0x00404882
0x00404885
0x00404885
0x0040488c
0x00404892
0x00404892
0x00404899
0x004048a0
0x004048a3
0x004048a6
0x004048a6
0x004048aa
0x004048ba
0x004048bc
0x004048bf
0x00404868
0x00404868
0x0040486f
0x0040486f
0x004048c7
0x004048d2
0x004048e8
0x004048f8
0x00404914

APIs

lstrlenA.KERNEL32(Wave Browser Setup: Completed,Wave Browser Setup: Completed,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,0040476D,000000DF,00000000,00000400,?), ref: 004048F0
wsprintfA.USER32 ref: 004048F8
SetDlgItemTextA.USER32 ref: 0040490B

Strings

%u.%u%s%s, xrefs: 004048DA
Wave Browser Setup: Completed, xrefs: 004048E2, 004048E7, 004048ED, 00404901

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s$Wave Browser Setup: Completed
API String ID: 3540041739-1741231648
Opcode ID: fc39b083cafe0faf60dc0761f43273384c7893e0f8fea42348e0b2d59e8b85dc
Instruction ID: 0ac14a548df83272d562d6c5522d93b353c1d491cf82d9c84c752126d1ac48ba
Opcode Fuzzy Hash: fc39b083cafe0faf60dc0761f43273384c7893e0f8fea42348e0b2d59e8b85dc
Instruction Fuzzy Hash: 2A11D573A041243BDB0065A99C45EAF3288DB85374F254637FE25F71D2EA78CC1285A8

Uniqueness

Uniqueness Score: -1.00%

Function 00401D41, Relevance: 7.5, APIs: 5, Instructions: 39
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401D41(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x48);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402ACB(_t21), _t21,  *(_t27 - 0x40) *  *(_t27 - 0x20),  *(_t27 - 0x3c) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x4237a8 =  *0x4237a8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}

0x00401d4b
0x00401d52
0x00401d81
0x00401d89
0x00401d90
0x00401d90
0x0040295a
0x00402966

APIs

GetDlgItem.USER32 ref: 00401D45
GetClientRect.USER32 ref: 00401D52
LoadImageA.USER32 ref: 00401D73
SendMessageA.USER32 ref: 00401D81
DeleteObject.GDI32(00000000), ref: 00401D90

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 3e98e30495b11ed96e9f76979364d05835fcfdae40f81675b092c7602420f547
Instruction ID: 236c2df16a83e1707d8be159829b3a1190eecd98233effbe731bed35476ffb6f
Opcode Fuzzy Hash: 3e98e30495b11ed96e9f76979364d05835fcfdae40f81675b092c7602420f547
Instruction Fuzzy Hash: 01F0ECB2A04115BFDB01ABA4DE89DEFBBBCEB44305B044466F601F2191C6749D018B79

Uniqueness

Uniqueness Score: -1.00%

Function 00405902, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405902(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409014);
				}
				return _t7;
			}

0x00405903
0x0040591a
0x00405922
0x00405922
0x0040592a

APIs

lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004031C3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033E8,?,00000006,00000008,0000000A), ref: 00405908
CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004031C3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033E8,?,00000006,00000008,0000000A), ref: 00405911
lstrcatA.KERNEL32(?,00409014,?,00000006,00000008,0000000A), ref: 00405922

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405902

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3081826266
Opcode ID: 7d86c92969947f3077f9a158046bd063bc506289d00538d24d19a3cace2b88b5
Instruction ID: bd87ec63c1f35a98f82bf41febae71866d1aa3f85b5b5a32f8f6ee96ed89cac6
Opcode Fuzzy Hash: 7d86c92969947f3077f9a158046bd063bc506289d00538d24d19a3cace2b88b5
Instruction Fuzzy Hash: C6D0A9A26069316ED2022315AC09EEB2A0CCF16319B040022F600B62A2CA3C1D418BFE

Uniqueness

Uniqueness Score: -1.00%

Function 00402BCD, Relevance: 6.1, APIs: 4, Instructions: 63
registryCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E00402BCD(void* __eflags, void* _a4, char* _a8, signed int _a12) {
				void* _v8;
				char _v272;
				void* _t19;
				signed int _t25;
				intOrPtr* _t27;
				signed int _t32;
				signed int _t33;
				signed int _t34;

				_t33 = _a12;
				_t34 = _t33 & 0x00000300;
				_t32 = _t33 & 0x00000001;
				_t19 = E00405DF0(__eflags, _a4, _a8, _t34 | 0x00000008,  &_v8);
				if(_t19 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _t32;
						if(__eflags != 0) {
							RegCloseKey(_v8);
							return 0x3eb;
						}
						_t25 = E00402BCD(__eflags, _v8,  &_v272, _a12);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00406302(3);
					if(_t27 == 0) {
						return RegDeleteKeyA(_a4, _a8);
					}
					return  *_t27(_a4, _a8, _t34, 0);
				}
				return _t19;
			}

0x00402bd8
0x00402be1
0x00402bea
0x00402bf6
0x00402bfd
0x00402c21
0x00402c07
0x00402c09
0x00402c5c
0x00000000
0x00402c62
0x00402c18
0x00402c1d
0x00402c1f
0x00000000
0x00000000
0x00402c1f
0x00402c3b
0x00402c43
0x00402c4a
0x00000000
0x00402c6f
0x00000000
0x00402c55
0x00402c79

APIs

RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402C32
RegCloseKey.ADVAPI32(?,?,?), ref: 00402C3B
RegCloseKey.ADVAPI32(?,?,?), ref: 00402C5C

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Close$Enum
String ID:
API String ID: 464197530-0
Opcode ID: 7491e01b77a4f54db0745fefa8ef52e761586eb4c2d62f00184cdfe08c81871e
Instruction ID: 3f870e478545c218cbf8d1d8c83e1046b3ec80cd8b5b23ff6fd5b08b87a912e1
Opcode Fuzzy Hash: 7491e01b77a4f54db0745fefa8ef52e761586eb4c2d62f00184cdfe08c81871e
Instruction Fuzzy Hash: 76112B36504109FBEF129F91CE09F9E7B69AB48340F104072BE05B51E0E7B5AE11ABA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040599B, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040599B(CHAR* _a4) {
				CHAR* _t5;
				char* _t7;
				CHAR* _t9;
				char _t10;
				CHAR* _t11;
				void* _t13;

				_t11 = _a4;
				_t9 = CharNextA(_t11);
				_t5 = CharNextA(_t9);
				_t10 =  *_t11;
				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
					if(_t10 != 0x5c || _t11[1] != _t10) {
						L10:
						return 0;
					} else {
						_t13 = 2;
						while(1) {
							_t13 = _t13 - 1;
							_t7 = E0040592D(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 1;
							if(_t13 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextA(_t5);
				}
			}

0x004059a4
0x004059ab
0x004059ae
0x004059b0
0x004059b4
0x004059c9
0x004059e8
0x00000000
0x004059d0
0x004059d2
0x004059d3
0x004059d6
0x004059d7
0x004059df
0x00000000
0x00000000
0x004059e1
0x004059e4
0x00000000
0x00000000
0x00000000
0x004059e4
0x00000000
0x004059d3
0x004059c1
0x00000000
0x004059c2

APIs

CharNextA.USER32(?,?,C:\,?,00405A07,C:\,C:\,73BCFA90,?,C:\Users\user\AppData\Local\Temp\,00405752,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004059A9
CharNextA.USER32(00000000), ref: 004059AE
CharNextA.USER32(00000000), ref: 004059C2

Strings

C:\, xrefs: 0040599C

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CharNext
String ID: C:\
API String ID: 3213498283-3404278061
Opcode ID: 10bc9b63e27fd2895a2a79afc72dfc96a7ed1041d934c6f985c348dce719f526
Instruction ID: b251aa3e985fa887116ab65003500a8f213bfb7e3cc2aa31c3213714dbeb82a6
Opcode Fuzzy Hash: 10bc9b63e27fd2895a2a79afc72dfc96a7ed1041d934c6f985c348dce719f526
Instruction Fuzzy Hash: 22F0CDD1908F60AAFB3252684C45B675E88CB56371F1800ABE240A62C282B848408FAA

Uniqueness

Uniqueness Score: -1.00%

Function 00402CFF, Relevance: 6.0, APIs: 4, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402CFF(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x4168c0; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x423710;
						if(_t2 >  *0x423710) {
							_t3 = CreateDialogParamA( *0x423700, 0x6f, 0, E00402C7C, 0);
							 *0x4168c0 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E0040633E(0);
					}
				} else {
					_t6 =  *0x4168c0; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x4168c0 = 0;
					return _t6;
				}
			}

0x00402d06
0x00402d20
0x00402d26
0x00402d30
0x00402d36
0x00402d3c
0x00402d4d
0x00402d56
0x00000000
0x00402d5b
0x00402d62
0x00402d28
0x00402d2f
0x00402d2f
0x00402d08
0x00402d08
0x00402d0f
0x00402d12
0x00402d12
0x00402d18
0x00402d1f
0x00402d1f

APIs

DestroyWindow.USER32(00000000,00000000,00402EDF,00000001), ref: 00402D12
GetTickCount.KERNEL32 ref: 00402D30
CreateDialogParamA.USER32(0000006F,00000000,00402C7C,00000000), ref: 00402D4D
ShowWindow.USER32(00000000,00000005), ref: 00402D5B

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 10c80b0613a78b839ad02c7969bec3604bf4f1206715e27e9f15991f3fdd17a2
Instruction ID: f5aaf9fad63db9690dbd9b3812727a8d708a0014de572c02bbf4379bbf317f26
Opcode Fuzzy Hash: 10c80b0613a78b839ad02c7969bec3604bf4f1206715e27e9f15991f3fdd17a2
Instruction Fuzzy Hash: 42F05E70906220ABCA217F64FE4CACB7BA4FB45B527014576F145B11E4C3799C8ACBDD

Uniqueness

Uniqueness Score: -1.00%

Function 00405005, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
windowCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E00405005(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t11;
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					__eflags = _t15 - 0x200;
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						__eflags = _t15 - 0x419;
						if(_t15 == 0x419) {
							__eflags =  *0x41fcf4 - _t16; // 0x0
							if(__eflags != 0) {
								_push(_t16);
								_push(6);
								 *0x41fcf4 = _t16;
								E004049DC();
							}
						}
						L11:
						return CallWindowProcA( *0x41fcfc, _a4, _t15, _a12, _t16);
					}
					_t11 = IsWindowVisible(_a4);
					__eflags = _t11;
					if(_t11 == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E0040495C(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 == 0x20) {
					E00404055(0x413);
					return 0;
				}
				goto L10;
			}

0x00405009
0x00405013
0x00405029
0x0040502f
0x00405051
0x00405054
0x00405054
0x0040505a
0x0040505c
0x00405062
0x00405064
0x00405065
0x00405067
0x0040506d
0x0040506d
0x00405062
0x00405077
0x00000000
0x00405085
0x00405034
0x0040503a
0x0040503c
0x00405074
0x00405074
0x00000000
0x00405074
0x00405048
0x0040504a
0x00000000
0x0040504a
0x00405019
0x00405020
0x00000000
0x00405025
0x00000000

APIs

IsWindowVisible.USER32(?), ref: 00405034
CallWindowProcA.USER32 ref: 00405085

Part of subcall function 00404055: SendMessageA.USER32 ref: 00404067

Strings

, xrefs: 00405015

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 3aee37f21ff99dc198a5fd33356f68d884607a106991554e7d1ecd4dd831c2ab
Instruction ID: 5be162d7cd7d71c2ccb341d7130f59d8c0266776e22eb2788f3d6f03133d665e
Opcode Fuzzy Hash: 3aee37f21ff99dc198a5fd33356f68d884607a106991554e7d1ecd4dd831c2ab
Instruction Fuzzy Hash: 2D019A7150060DABDF209F20DC80EAF3A25EB80354F204036FA14792D0C73A8891AEAA

Uniqueness

Uniqueness Score: -1.00%

Function 00405949, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405949(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}

0x0040594a
0x00405954
0x00405956
0x0040595d
0x00405965
0x00000000
0x00000000
0x00000000
0x00405965
0x00405967
0x0040596c

APIs

lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402DCF,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe,C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe,80000000,00000003), ref: 0040594F
CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402DCF,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe,C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe,80000000,00000003), ref: 0040595D

Strings

C:\Users\user\Desktop, xrefs: 00405949

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\Desktop
API String ID: 2709904686-224404859
Opcode ID: 714da30cf500cccbdd7b4a4277d37f3a4e299a669b52a45b343dae58782ad56f
Instruction ID: c4fcca613fcdd7c15110d01ecf8f186c4298fc2a4ba311cc039d9d6f64372384
Opcode Fuzzy Hash: 714da30cf500cccbdd7b4a4277d37f3a4e299a669b52a45b343dae58782ad56f
Instruction Fuzzy Hash: B7D0A7A3408D705EE3036310DC04B9F6A48CF12314F490062F080B61A5C67C1C424BAE

Uniqueness

Uniqueness Score: -1.00%

Function 00405A68, Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CC3,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A78
lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405CC3,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A90
CharNextA.USER32(00000000,?,00000000,00405CC3,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405AA1
lstrlenA.KERNEL32(00000000,?,00000000,00405CC3,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405AAA

Memory Dump Source

Source File: 00000000.00000002.747502832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.747492589.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747524684.0000000000407000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747530488.0000000000409000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747546674.000000000041F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747557179.0000000000421000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747565446.0000000000424000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747573458.0000000000429000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747593862.000000000042F000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.747602291.0000000000437000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.747618774.000000000043B000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_Wave Browser_cg5vc6cx_.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 57b21f4120e00b08a3941e9ed4e610408d9ca53935617fe6296070accebd3829
Instruction ID: 037941339f6bd63fe355126afe518e0153d46939b0274778cc0aadc7e03f3bf8
Opcode Fuzzy Hash: 57b21f4120e00b08a3941e9ed4e610408d9ca53935617fe6296070accebd3829
Instruction Fuzzy Hash: 29F0C231605414AFC702DBA5DC40D9FBBA8EF46350B2541A6E800F7251D234EE01AFA9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: setup.exe PID: 3028 Parent PID: 6284 setup.exeCOMMON

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.5%
Total number of Nodes:	428
Total number of Limit Nodes:	14

Executed Functions

Function 00007FF678463AA0, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 159
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileMappingW.KERNELBASE ref: 00007FF678463B59
MapViewOfFile.KERNEL32 ref: 00007FF678463BC4
GetLastError.KERNEL32 ref: 00007FF678463C97
SetLastError.KERNEL32 ref: 00007FF678463CD9

Strings

../../base/files/memory_mapped_file_win.cc, xrefs: 00007FF678463AF0
MapFileRegionToMemory, xrefs: 00007FF678463AE9

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorFileLast$CreateMappingView
String ID: ../../base/files/memory_mapped_file_win.cc$MapFileRegionToMemory
API String ID: 2231327692-1672964651
Opcode ID: 05799c7128bb138b0f9f8ab4c3c4375166214ded807967de4f1f1a0d891e699a
Instruction ID: 83918a5104d3e9ffb2e5572a80a4f61f085c0183b32cea4a48668d6bbd818384
Opcode Fuzzy Hash: 05799c7128bb138b0f9f8ab4c3c4375166214ded807967de4f1f1a0d891e699a
Instruction Fuzzy Hash: 0851F433B2CB9281EA209B26A4457BA6BA1FF44B84F614031EE4D87759EF7DDC418344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845AC9D, Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32 ref: 00007FF67845ACDA

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: ffe30c8e8cfa25110b6379707979211824a828f6f51b56226451c68cb8765819
Instruction ID: 55099cb5671a14f7b9623d7070c1bcbbcbd4bf7d659046a6fb77851e21e327fc
Opcode Fuzzy Hash: ffe30c8e8cfa25110b6379707979211824a828f6f51b56226451c68cb8765819
Instruction Fuzzy Hash: BDF0307362C7C185F7249B33A4543AE6E50BB81B88F240031DA8E4669EDFFDA8548704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845954B, Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 266
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetHandleInformation.KERNEL32 ref: 00007FF678459559
SetHandleInformation.KERNEL32 ref: 00007FF67845957E
CreateProcessW.KERNEL32 ref: 00007FF678459738
SetHandleInformation.KERNEL32 ref: 00007FF6784598C4

Strings

../../base/process/launch_win.cc, xrefs: 00007FF6784598A6, 00007FF678459B5A, 00007FF678459BC5

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: HandleInformation$CreateProcess
String ID: ../../base/process/launch_win.cc
API String ID: 302854529-3741534765
Opcode ID: 1c26a68e9a78106fe16cc234f83af7e8483afe843d1e4a770f14704ddad98d7c
Instruction ID: ab3c436bd045ce1ed138a8098efda63655dbbd371ebecdc2e0d0de8d26eb16b9
Opcode Fuzzy Hash: 1c26a68e9a78106fe16cc234f83af7e8483afe843d1e4a770f14704ddad98d7c
Instruction Fuzzy Hash: F9D14223A2C7C295EB619B32F4503BE6F51FB84744F600036DA8D82A99DFBCE8858745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678462120, Relevance: 10.6, APIs: 7, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Init_thread_header.LIBCMT ref: 00007FF678462189
GetVersionExW.KERNEL32 ref: 00007FF6784621BB
GetProductInfo.KERNEL32 ref: 00007FF6784621DD
_Init_thread_footer.LIBCMT ref: 00007FF678462238
_Init_thread_header.LIBCMT ref: 00007FF678462249

Part of subcall function 00007FF6785FA9CC: EnterCriticalSection.KERNEL32(?,?,?,00007FF678441193), ref: 00007FF6785FA9DC

GetNativeSystemInfo.KERNEL32 ref: 00007FF67846226D
_Init_thread_footer.LIBCMT ref: 00007FF67846229A

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: InfoInit_thread_footerInit_thread_header$CriticalEnterNativeProductSectionSystemVersion
String ID:
API String ID: 2554706446-0
Opcode ID: 63e915d9c23af3ed3a094c0acc9ef635164c352077a02be930400979afed0587
Instruction ID: 86af2767fe8155c4210b6690d3261e4beca8b807af46b271d723294477cc09dc
Opcode Fuzzy Hash: 63e915d9c23af3ed3a094c0acc9ef635164c352077a02be930400979afed0587
Instruction Fuzzy Hash: 5741AC37A28A42A5F610DB75E8516F63B60EF94758F304231EA5D832B4DF3CE9869708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784622B0, Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 292
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6784622FC
IsWow64Process.KERNEL32 ref: 00007FF678462312

Part of subcall function 00007FF678462860: RegOpenKeyExW.KERNEL32(?,?,?,?,?,?,00000000,00007FF67846239B), ref: 00007FF678462896

Part of subcall function 00007FF6784628E0: RegQueryValueExW.KERNEL32(?,?,?,?,?,?,?,00000000,00007FF6784623BF), ref: 00007FF678462927

Part of subcall function 00007FF678462970: RegQueryValueExW.KERNEL32(?,?,00000000,?,00007FF6784623D9), ref: 00007FF6784629DF

Part of subcall function 00007FF678462810: RegCloseKey.KERNEL32(?,?,00000000,00007FF678462439), ref: 00007FF678462820

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00007FF67846237F
ReleaseId, xrefs: 00007FF6784623BF
UBR, xrefs: 00007FF6784623A3

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ProcessQueryValue$CloseCurrentOpenWow64
String ID: ReleaseId$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR
API String ID: 1114400673-4060060583
Opcode ID: dd3b6c181956fdb0178d8458c42f7b1fc342cdeb8c558a960db7bfea43ad24e2
Instruction ID: 1c73ce6732f77578ddac3d546813ab71bbb88489468ff5bdb46040b7e9bc942b
Opcode Fuzzy Hash: dd3b6c181956fdb0178d8458c42f7b1fc342cdeb8c558a960db7bfea43ad24e2
Instruction Fuzzy Hash: 53D1B633B28652A6E7748B26D45437A7BA0FB44754F204135DB8E83798EFBCE894C706

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67860A598, Relevance: 4.5, APIs: 3, Instructions: 19
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,00000003,00007FF67860A6AB), ref: 00007FF67860A5C1
TerminateProcess.KERNEL32(?,?,00000003,00007FF67860A6AB), ref: 00007FF67860A5CC
ExitProcess.KERNEL32 ref: 00007FF67860A5DB

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 99eb79205e1d8f55ea799435a50c51c9dd65893cdb5a63a21dcc85242e68197c
Instruction ID: 0545c1653afaa057a34aec8ffcefaa0a79ed50051b13d82de88cdbd34922ea23
Opcode Fuzzy Hash: 99eb79205e1d8f55ea799435a50c51c9dd65893cdb5a63a21dcc85242e68197c
Instruction Fuzzy Hash: 8CE04832B3430552E6555B35588567F2653BF84B81F204438C48F83352CD3DEC58A319

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678462970, Relevance: 3.1, APIs: 2, Instructions: 70
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNEL32(?,?,00000000,?,00007FF6784623D9), ref: 00007FF6784629DF
ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF678462A52

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: EnvironmentExpandQueryStringsValue
String ID:
API String ID: 1756134249-0
Opcode ID: 1d52ad93373bcb2fc674ffdf56bd869e170bc36513464651f06f8bde6f3314be
Instruction ID: 5012a519251fb7e43f93af12dd967e159ba067a553bae26d014342dd1f469748
Opcode Fuzzy Hash: 1d52ad93373bcb2fc674ffdf56bd869e170bc36513464651f06f8bde6f3314be
Instruction Fuzzy Hash: 0121C973B3869295F7709B26E4403AB6A55FB847D0F604032EE8DC3B88DEBCD9458B05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67860F114, Relevance: 3.0, APIs: 2, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointerEx.KERNEL32(?,?,?,00007FF678613C2B,?,?,?,?,?,00000000,?,?,00000000,00000000,?,00007FF6785FC54F), ref: 00007FF67860F250
GetLastError.KERNEL32(?,?,?,00007FF678613C2B,?,?,?,?,?,00000000,?,?,00000000,00000000,?,00007FF6785FC54F), ref: 00007FF67860F25A

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 80d11053989fc4d5a233edbec42bc45c4286b4a98fdbbc29d336b91b911bac92
Instruction ID: bd3485fce1643545fa3a73a7194e940b3c812ec8d916a37ac8b6325906e58055
Opcode Fuzzy Hash: 80d11053989fc4d5a233edbec42bc45c4286b4a98fdbbc29d336b91b911bac92
Instruction Fuzzy Hash: 7411C263A38A4251EA504BB5B48507A7B51AF40BB0F745331EA3E877D9CE3CD842930C

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678462860, Relevance: 3.0, APIs: 2, Instructions: 37
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(?,?,?,?,?,?,00000000,00007FF67846239B), ref: 00007FF678462896
RegCloseKey.KERNEL32(?,?,?,?,?,?,00000000,00007FF67846239B), ref: 00007FF6784628D2

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: CloseOpen
String ID:
API String ID: 47109696-0
Opcode ID: 1fda6c559fc1920b459e3408321db2c1d04288aa7d43a697e7db301e48904928
Instruction ID: bd0e1604dcb206c944f17285bd2fb2a0fbbdc6e46c905ad87407a1edd9e39037
Opcode Fuzzy Hash: 1fda6c559fc1920b459e3408321db2c1d04288aa7d43a697e7db301e48904928
Instruction Fuzzy Hash: 4101A223B29A5191FB404B26E89072B27A0AB88794F104031EE8F87714EF3CD8548740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6785FCDE8, Relevance: 1.6, APIs: 1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6785FC4A1,?,?,?,?,00007FF6786212C7), ref: 00007FF67860A60F

Part of subcall function 00007FF67860A53C: GetModuleHandleExW.KERNEL32 ref: 00007FF67860A558
Part of subcall function 00007FF67860A53C: GetProcAddress.KERNEL32 ref: 00007FF67860A56E
Part of subcall function 00007FF67860A53C: FreeLibrary.KERNEL32 ref: 00007FF67860A58B

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 63bdc1dbbb03e609bfdecf94da7d6f5fff68a7d8b284b135efd65b17adb41177
Instruction ID: 3ee145f4bb855aa6536e1de08150734a08107b12e6a1c8b4e7605c77e0043825
Opcode Fuzzy Hash: 63bdc1dbbb03e609bfdecf94da7d6f5fff68a7d8b284b135efd65b17adb41177
Instruction Fuzzy Hash: FB21BD33E347419AEB118F75C044AAE3BB0FB44349F24493AD60C82A86DF38D884DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784628E0, Relevance: 1.5, APIs: 1, Instructions: 41
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNEL32(?,?,?,?,?,?,?,00000000,00007FF6784623BF), ref: 00007FF678462927

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b868665a0f85f5750b04f82e5c49441fae65acd5f04f4d798e5bca1207d341c6
Instruction ID: 4df2525ca45e902890941f968262e5e56927dd2a0cd354d9da2fb565ab10bb28
Opcode Fuzzy Hash: b868665a0f85f5750b04f82e5c49441fae65acd5f04f4d798e5bca1207d341c6
Instruction Fuzzy Hash: 10016D33728642DBE7608F29E44025A7BE0EBC5794F614131EA8E87B58DF3CDC458B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784888F0, Relevance: 1.5, APIs: 1, Instructions: 29
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

UnmapViewOfFile.KERNEL32(?,?,?,?,00007FF678463A93,?,?,?,00007FF6784637E3), ref: 00007FF678488902

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: FileUnmapView
String ID:
API String ID: 2564024751-0
Opcode ID: 0fa58d394527ac7703f90c29966abfab93481168d69e964ddc30780420d76b15
Instruction ID: c23b256d96cab6604f0182de5cf28a5328ce71b197e4c46564836ba381172eba
Opcode Fuzzy Hash: 0fa58d394527ac7703f90c29966abfab93481168d69e964ddc30780420d76b15
Instruction Fuzzy Hash: 91F09022E2861142E964BF33A54137D1B20AF81B84F204530DF4E97659DFA8A8828349

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67844F050, Relevance: 1.5, APIs: 1, Instructions: 26
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000318,?,?,00007FF6785FA99F,?,?,?,00007FF678441782,?,?,?,00007FF678441668), ref: 00007FF67844F06A

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 65a6661e7f8d4544185e63a739ad057c6d009151a84a384eaeb9b37e60eeecd2
Instruction ID: 1b49a29d4ab633b50e2f5e1a1e6924eda3af6950b16ea5100ca37b4598df14c1
Opcode Fuzzy Hash: 65a6661e7f8d4544185e63a739ad057c6d009151a84a384eaeb9b37e60eeecd2
Instruction Fuzzy Hash: E3E09A03E2E65280FE255B3729006790EC04FDAFE4F284071DD4C87B8AFD5CAC869708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784510C0, Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHChangeNotify.SHELL32 ref: 00007FF6784510EF

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ChangeNotify
String ID:
API String ID: 3893256919-0
Opcode ID: cf9f54dc099c189893adab859b54987f890675a4de7b80be55a151f4e88a6cca
Instruction ID: 022c3d5ad1c6b59ed9953f71f33058d61a46bc17443d766051fa9cf42ee78321
Opcode Fuzzy Hash: cf9f54dc099c189893adab859b54987f890675a4de7b80be55a151f4e88a6cca
Instruction Fuzzy Hash: 94F0A72362E64581F940AF32F55137D2760AF88B94FA08030EE4D47704CF2CE843C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678462810, Relevance: 1.5, APIs: 1, Instructions: 22
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCloseKey.KERNEL32(?,?,00000000,00007FF678462439), ref: 00007FF678462820

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 40972148bb0ec558b1ccc59f2342928c225b531cfdd1b07044f34ea5966d4f32
Instruction ID: ada6fa10344464531046b611758e5339b033b37dd484b640ba32723105335bf5
Opcode Fuzzy Hash: 40972148bb0ec558b1ccc59f2342928c225b531cfdd1b07044f34ea5966d4f32
Instruction Fuzzy Hash: D9E06D37A05B1582FB298B66F09037A7360EB48B40F208030CB9E43754DFBDD8818300

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF678447880, Relevance: 19.6, APIs: 13, Instructions: 117threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00007FF6784478DE
GetThreadPriority.KERNEL32 ref: 00007FF6784478E3
GetCurrentThread.KERNEL32 ref: 00007FF6784478EB
SetThreadPriority.KERNEL32 ref: 00007FF6784478F5
QueryPerformanceCounter.KERNEL32 ref: 00007FF67844795A
GetCurrentThread.KERNEL32 ref: 00007FF678447963
SetThreadPriority.KERNEL32 ref: 00007FF67844796E
QueryPerformanceFrequency.KERNEL32 ref: 00007FF67844797F
_Init_thread_header.LIBCMT ref: 00007FF678447A16
_Init_thread_footer.LIBCMT ref: 00007FF678447A3F
_Init_thread_header.LIBCMT ref: 00007FF678447A50
QueryPerformanceCounter.KERNEL32 ref: 00007FF678447A71
_Init_thread_footer.LIBCMT ref: 00007FF678447A88

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Thread$CurrentPerformancePriorityQuery$CounterInit_thread_footerInit_thread_header$Frequency
String ID:
API String ID: 521408450-0
Opcode ID: 7d56607dc3bc44bf47606a62b612d31014a9775943dafa849caa731edbce7259
Instruction ID: 1657731ca83b4177d198af92e6b68039ba1209dd61a86e767c25ffa95c14fefa
Opcode Fuzzy Hash: 7d56607dc3bc44bf47606a62b612d31014a9775943dafa849caa731edbce7259
Instruction Fuzzy Hash: 5951D033A39E02E5F6129F35E8121367B64BF85BE4F315331E94D92261CF3CAA469708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678463310, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 86fileCOMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32 ref: 00007FF6784633C3
SetFilePointerEx.KERNEL32 ref: 00007FF6784633DB
SetEndOfFile.KERNEL32 ref: 00007FF6784633E8
SetFilePointerEx.KERNEL32 ref: 00007FF678463400

Strings

File::SetLength, xrefs: 00007FF678463446
SetLength, xrefs: 00007FF67846335B
../../base/files/file_win.cc, xrefs: 00007FF678463362

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: File$Pointer
String ID: ../../base/files/file_win.cc$File::SetLength$SetLength
API String ID: 1339342385-2248197467
Opcode ID: fa6731049030f8519f87c7b9dbc5837087119be7d5a990bcabc14c61df8a48a3
Instruction ID: f53124c66441e68ae7e3028e167f2c9d2d607ac9b9463c69fabdf85f8eb00316
Opcode Fuzzy Hash: fa6731049030f8519f87c7b9dbc5837087119be7d5a990bcabc14c61df8a48a3
Instruction Fuzzy Hash: F231B832B28A8291FA208F3AE4517FBABA0FF94B84F545031EE4D83655EF7CD9458704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678613E78, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 328fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF678613EE7
WriteFile.KERNEL32 ref: 00007FF67861419E
WriteFile.KERNEL32 ref: 00007FF6786141F0
GetLastError.KERNEL32 ref: 00007FF6786142F2
GetLastError.KERNEL32 ref: 00007FF678614352

Strings

MZx, xrefs: 00007FF678613EB3, 00007FF678613F52, 00007FF678613FFA, 00007FF6786140C2, 00007FF67861423C, 00007FF6786142C6

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorFileLastWrite$ConsoleOutput
String ID: MZx
API String ID: 1443284424-2575928145
Opcode ID: db1d6bc3c33a55e4c91d7c8c50f53b9e16c513e567e4fe2569fff9690146bed3
Instruction ID: 3fac858376da5b6bfdce8dc282ff374b7b9067369c8287095d805e6e52f80a70
Opcode Fuzzy Hash: db1d6bc3c33a55e4c91d7c8c50f53b9e16c513e567e4fe2569fff9690146bed3
Instruction Fuzzy Hash: 6DE1E173E28681AAE700CF75D0401AE7BB1FB45788F244126DE4E97B9AEE38D856D704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67860EB14, Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF67860EB8D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF67860EBA5
RtlVirtualUnwind.KERNEL32 ref: 00007FF67860EBE0
IsDebuggerPresent.KERNEL32 ref: 00007FF67860EC19
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF67860EC23
UnhandledExceptionFilter.KERNEL32 ref: 00007FF67860EC2E

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 23cc6bff61b78c16e7ee25e4b3366f080038f90177da2de55d303e003ae544d1
Instruction ID: 3f8c455fe9287a0622264f98ce75b95fa934d4b16d08ba7a8365c51b56b6dc48
Opcode Fuzzy Hash: 23cc6bff61b78c16e7ee25e4b3366f080038f90177da2de55d303e003ae544d1
Instruction Fuzzy Hash: 02319137628B8195EB60CF34E8406AE37A0FB88754F600136EA9D83B99DF3CC955CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845433D, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 154COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,00000000,Histogram.TooManyBuckets.1000,00007FF678471CE5), ref: 00007FF678454359

Strings

33333333, xrefs: 00007FF67845447E
UUUUUUUU, xrefs: 00007FF67845446B

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: AcquireExclusiveLock
String ID: 33333333$UUUUUUUU
API String ID: 4021432409-3483174168
Opcode ID: 7daa92df0ec6b34cfb6191cf400d3fab6922b086941c3a56394e9f562f2cdce5
Instruction ID: be3f5f11d29f9ff3ef41e41dcd6151dab291efa0fe597da8b8a6a86ead2767b9
Opcode Fuzzy Hash: 7daa92df0ec6b34cfb6191cf400d3fab6922b086941c3a56394e9f562f2cdce5
Instruction Fuzzy Hash: A751D6D3F69A5941EE108B22961427DDA53AB55FE0F7D8032CE5C4BB8CDE7CE9818308

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784599AC, Relevance: 3.0, APIs: 2, Instructions: 23processCOMMON

Download Yara Rule

APIs

CreateProcessAsUserW.ADVAPI32 ref: 00007FF6784599EE
DestroyEnvironmentBlock.USERENV ref: 00007FF6784599FE

Part of subcall function 00007FF678459EE0: GetCurrentProcess.KERNEL32 ref: 00007FF678459EFD

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Process$BlockCreateCurrentDestroyEnvironmentUser
String ID:
API String ID: 2795506918-0
Opcode ID: 69f2cd2f54d28c43643988b7925f46a0f034eaed6f0219fd74b5cc7959e961a0
Instruction ID: 042091034f9fc7508fa4e24107c8bd64edb5e6e5e7dc380019e022b426729813
Opcode Fuzzy Hash: 69f2cd2f54d28c43643988b7925f46a0f034eaed6f0219fd74b5cc7959e961a0
Instruction Fuzzy Hash: E3F01D33918B8186D770CF22B88036EBBA5FBC4B90F144126EACD83A59DF3CD4518B04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784B4340, Relevance: 16.6, APIs: 11, Instructions: 95synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00000001,00000021,?), ref: 00007FF6784B4364
TerminateProcess.KERNEL32(?,?,?,00000001,00000021,?), ref: 00007FF6784B436F
GetCurrentProcess.KERNEL32(?,?,?,00000001,00000021,?), ref: 00007FF6784B4387
WaitForSingleObject.KERNEL32(?,?,?,00000001,00000021,?), ref: 00007FF6784B4395
GetLastError.KERNEL32(?,?,?,00000001,00000021,?), ref: 00007FF6784B43DC
GetCurrentProcess.KERNEL32(?,?,?,00000001,00000021,?), ref: 00007FF6784B43E8
WaitForSingleObject.KERNEL32(?,?,?,00000001,00000021,?), ref: 00007FF6784B43F6
GetCurrentProcess.KERNEL32 ref: 00007FF6784B4417
GetExitCodeProcess.KERNEL32 ref: 00007FF6784B4425
GetCurrentProcess.KERNEL32(?,?,?,00000001,00000021,?), ref: 00007FF6784B4462
GetCurrentProcess.KERNEL32 ref: 00007FF6784B447F

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Process$Current$ObjectSingleWait$CodeErrorExitLastTerminate
String ID:
API String ID: 2432511979-0
Opcode ID: 6b6a451ef962a60a918f1f163a55c0c184c39c26fb0d1aaf94d4b23fb635fa7f
Instruction ID: 0c768610772241f549bffdc0b8f43820f3bfa06f1923f2915cd8feb9d42a0879
Opcode Fuzzy Hash: 6b6a451ef962a60a918f1f163a55c0c184c39c26fb0d1aaf94d4b23fb635fa7f
Instruction Fuzzy Hash: 13418323F2C542D5FA649733944433E1EA09F84BA4F384431CA0EC3699DFACAC659349

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67844E6C1, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 209COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF67844E8D5

Part of subcall function 00007FF6785FA980: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6785FA9B0

_Init_thread_footer.LIBCMT ref: 00007FF67844E6FC

Part of subcall function 00007FF6785FAEE8: EnterCriticalSection.KERNEL32(?,?,?,00007FF6784411D0), ref: 00007FF6785FAEF8
Part of subcall function 00007FF6785FAEE8: LeaveCriticalSection.KERNEL32(?,?,?,00007FF6784411D0), ref: 00007FF6785FAF38

_Init_thread_header.LIBCMT ref: 00007FF67844E75F
_Init_thread_footer.LIBCMT ref: 00007FF67844E78C
_Init_thread_header.LIBCMT ref: 00007FF67844E6C8

Part of subcall function 00007FF6785FA9CC: EnterCriticalSection.KERNEL32(?,?,?,00007FF678441193), ref: 00007FF6785FA9DC

_Init_thread_footer.LIBCMT ref: 00007FF67844E902

Strings

heap_profiler_predicate, xrefs: 00007FF67844E80F, 00007FF67844E837
event_whitelist_predicate, xrefs: 00007FF67844E7B6, 00007FF67844E7EE
event_name_whitelist, xrefs: 00007FF67844E984

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: CriticalInit_thread_footerInit_thread_headerSection$Enter$Concurrency::cancel_current_taskLeave
String ID: event_name_whitelist$event_whitelist_predicate$heap_profiler_predicate
API String ID: 2334296950-959554088
Opcode ID: d180a5b833ee1189446d12056fedf6151e9946101b12a8410ec3a782874537d4
Instruction ID: 34cd8a92a2add4af2aeffbf1ec2ed3f99599ff46f9283b909eceb2c5186437d7
Opcode Fuzzy Hash: d180a5b833ee1189446d12056fedf6151e9946101b12a8410ec3a782874537d4
Instruction Fuzzy Hash: E2915427A29A4285EA50DB26E45037A6F60FFC47A4F604231EA5E873E5DF7CED41C708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67844EF00, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 93libraryloaderCOMMON

Download Yara Rule

APIs

EventRegister.ADVAPI32(00000000,?,00000000,?,?,00007FF67844EEE2), ref: 00007FF67844EF8D
GetModuleHandleExW.KERNEL32 ref: 00007FF67844EFB8
GetProcAddress.KERNEL32 ref: 00007FF67844EFCE
FreeLibrary.KERNEL32 ref: 00007FF67844EFF3
GetModuleHandleExW.KERNEL32 ref: 00007FF67844F03F

Strings

EventSetInformation, xrefs: 00007FF67844EFC7
api-ms-win-eventing-provider-l1-1-0.dll, xrefs: 00007FF67844EFAD
Google.Chrome, xrefs: 00007FF67844EF0A
advapi32.dll, xrefs: 00007FF67844F02F

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: HandleModule$AddressEventFreeLibraryProcRegister
String ID: EventSetInformation$Google.Chrome$advapi32.dll$api-ms-win-eventing-provider-l1-1-0.dll
API String ID: 503842981-1037291142
Opcode ID: f5750f58669a8214d5f3cce8b6e67e7ae4e54006f4f5790c5dd9b2f97acb2960
Instruction ID: 17333fc1636759f15b9dca1bf6e8e58afdf0f74de517903436f0a79016e409b9
Opcode Fuzzy Hash: f5750f58669a8214d5f3cce8b6e67e7ae4e54006f4f5790c5dd9b2f97acb2960
Instruction Fuzzy Hash: 5931937362864292E7209F32F84027767E0FB98B94F604036DE8EC7655DE7CE9059308

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678471FB0, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 231threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF678472083
GetLocalTime.KERNEL32(?,?,?,?,../../base/metrics/persistent_memory_allocator.cc,?,0000001A,00000002,00000000,?,00007FF678471FA0,?,?,?,?,00007FF67845802C), ref: 00007FF6784720C7

Part of subcall function 00007FF678472370: GetCurrentProcessId.KERNEL32(?,?,?,00000002,?,?,?,?,../../base/metrics/persistent_memory_allocator.cc,?,0000001A,00000002,00000000,?,00007FF678471FA0), ref: 00007FF678472378

GetTickCount.KERNEL32 ref: 00007FF678472309

Strings

:.}z, xrefs: 00007FF678472206
)] , xrefs: 00007FF678472248
../../base/metrics/persistent_memory_allocator.cc, xrefs: 00007FF678471FB7
UNKNOWN, xrefs: 00007FF67847235C
VERBOSE, xrefs: 00007FF678472334

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Current$CountLocalProcessThreadTickTime
String ID: )] $../../base/metrics/persistent_memory_allocator.cc$:.}z$UNKNOWN$VERBOSE
API String ID: 815555739-2990853121
Opcode ID: 9564e9b793c6be1536fec1b6977d220bd6bc89f45f87e4179aed2aba20bc07ff
Instruction ID: 58d8911cabeed90b79959e900e2d9437d1b8ea689f5b457a1cae19a6af16e814
Opcode Fuzzy Hash: 9564e9b793c6be1536fec1b6977d220bd6bc89f45f87e4179aed2aba20bc07ff
Instruction Fuzzy Hash: C6A1D523B2969290EB24DB32D4503B92F90EB85BD4F605131EE4E8779ADFBDE941C344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67862D5BC, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF67862D4E3,?,?,00000000,00007FF67861D66E,?,?,?,00007FF6785FC801), ref: 00007FF67862D63F
GetLastError.KERNEL32(?,?,?,00007FF67862D4E3,?,?,00000000,00007FF67861D66E,?,?,?,00007FF6785FC801), ref: 00007FF67862D64D
LoadLibraryExW.KERNEL32(?,?,?,00007FF67862D4E3,?,?,00000000,00007FF67861D66E,?,?,?,00007FF6785FC801), ref: 00007FF67862D677
FreeLibrary.KERNEL32(?,?,?,00007FF67862D4E3,?,?,00000000,00007FF67861D66E,?,?,?,00007FF6785FC801), ref: 00007FF67862D6BD
GetProcAddress.KERNEL32(?,?,?,00007FF67862D4E3,?,?,00000000,00007FF67861D66E,?,?,?,00007FF6785FC801), ref: 00007FF67862D6C9

Strings

MZx, xrefs: 00007FF67862D5DA, 00007FF67862D688, 00007FF67862D6A6
api-ms-, xrefs: 00007FF67862D65F

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: MZx$api-ms-
API String ID: 2559590344-259127448
Opcode ID: adc2637af9402ba65d050d8a86da6e2479fe3815a006796f7208a4ff2c1ee931
Instruction ID: 6eef1711a25639a0400262ae6dfba27c658cad611b98e1bdd8bc2b78bf66edb3
Opcode Fuzzy Hash: adc2637af9402ba65d050d8a86da6e2479fe3815a006796f7208a4ff2c1ee931
Instruction Fuzzy Hash: 0D31DB23B2A656B5EE11DB22A808D362B94BF44FA4F690535EE1D87394DF3CE8509708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678463E90, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 98fileCOMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNEL32 ref: 00007FF678463F38
MapViewOfFile.KERNEL32 ref: 00007FF678463F72
GetLastError.KERNEL32 ref: 00007FF678463FCC
SetLastError.KERNEL32 ref: 00007FF67846400E

Strings

../../base/files/memory_mapped_file_win.cc, xrefs: 00007FF678463ED7
MapImageToMemory, xrefs: 00007FF678463ED0

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorFileLast$CreateMappingView
String ID: ../../base/files/memory_mapped_file_win.cc$MapImageToMemory
API String ID: 2231327692-1841746395
Opcode ID: d1802802d854266c41a59363fd8a1f756eac8e98eea7c462a1678d1aeedd98ff
Instruction ID: 1eae56f25259ddae06d415d2d2f1c01a30bfc1600a0ca9f1704e0c9c221d998f
Opcode Fuzzy Hash: d1802802d854266c41a59363fd8a1f756eac8e98eea7c462a1678d1aeedd98ff
Instruction Fuzzy Hash: 6741B232B28A8281FA24DF36E4197AA6BA1FF85744F644030DE4D83795EF7DD8468304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67862EE5C, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF67862EE8D
GetLastError.KERNEL32 ref: 00007FF67862EE99
CloseHandle.KERNEL32 ref: 00007FF67862EEB1
CreateFileW.KERNEL32 ref: 00007FF67862EEDC
WriteConsoleW.KERNEL32 ref: 00007FF67862EEFB

Strings

CONOUT$, xrefs: 00007FF67862EEBD

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 200e98005cc5b26fcaf53fae46a40ceaa791268869de788c89697f15c96316b6
Instruction ID: 0c76e766f6f4bf4f6461f5af597febc5a13b67a9e1d2dec41cd2b96aefeaf465
Opcode Fuzzy Hash: 200e98005cc5b26fcaf53fae46a40ceaa791268869de788c89697f15c96316b6
Instruction Fuzzy Hash: 8A118422B28A5196E3508B62F84432A6BA4FB88FE4F244234E95DC7798DF7CDC549748

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784B6CA0, Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 342threadCOMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF6784B6CFB
GetCurrentThreadId.KERNEL32 ref: 00007FF6784B6D1A
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF6784B7147

Strings

(%.3f ms), xrefs: 00007FF6784B7065
E, xrefs: 00007FF6784B6D32

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread
String ID: (%.3f ms)$E
API String ID: 135963836-2157862799
Opcode ID: 98ed805ee5d10cadcdac3e7191eceec5650de2704d026993c0b791b0689d2c42
Instruction ID: 84b85e9759adee14d25d63185c93cc33d635a507e17550c1f654d2e8d1c8ec99
Opcode Fuzzy Hash: 98ed805ee5d10cadcdac3e7191eceec5650de2704d026993c0b791b0689d2c42
Instruction Fuzzy Hash: D5F18373A28B8295EA20DF36E4402AE7F60FB85B84F544136DA8C87B59DF7CE945C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678455460, Relevance: 9.1, APIs: 6, Instructions: 67COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF6784554C9
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF678455508
_Init_thread_header.LIBCMT ref: 00007FF67845552C
_Init_thread_footer.LIBCMT ref: 00007FF67845555D
_Init_thread_header.LIBCMT ref: 00007FF67845556E

Part of subcall function 00007FF6785FA9CC: EnterCriticalSection.KERNEL32(?,?,?,00007FF678441193), ref: 00007FF6785FA9DC

_Init_thread_footer.LIBCMT ref: 00007FF678455593

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveInit_thread_footerInit_thread_headerLock$AcquireCriticalEnterReleaseSection
String ID:
API String ID: 2670297682-0
Opcode ID: 2b1b95663567b4679be41cc96085dc80ed324a4614d68588524da94cd5bf9625
Instruction ID: 2ddfa41f5546e7365477eed73cf23e1f2805ffb166f2840a605e2d3ac25af718
Opcode Fuzzy Hash: 2b1b95663567b4679be41cc96085dc80ed324a4614d68588524da94cd5bf9625
Instruction Fuzzy Hash: 97312C22A38A02E5FA00DB35E89117A2FA0BF54768F714132E91DC72A5DF6CFD85D708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678460250, Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 313COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF67846075E
_Init_thread_footer.LIBCMT ref: 00007FF678460796

Strings

file, xrefs: 00007FF6784603C5
mailto, xrefs: 00007FF67846069E
filesystem, xrefs: 00007FF678460413

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: file$filesystem$mailto
API String ID: 4092853384-1079950657
Opcode ID: 79f2531e42e521edcf172d2555ff8b6a7ad6496a12e57307b87fc250c1eddecb
Instruction ID: 224dd9c270970dc85ac96f406faf5801157dc7d0c3aec4fa6dd4fff825a6eafa
Opcode Fuzzy Hash: 79f2531e42e521edcf172d2555ff8b6a7ad6496a12e57307b87fc250c1eddecb
Instruction Fuzzy Hash: F5E1D233728B8285E660DF22E9503AABB61FF85784F644131DA8C83799EF7CE945C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678451890, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 129timeCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32 ref: 00007FF678451907
GetSystemTimeAsFileTime.KERNEL32(?,?,00000000,?,00007FF678451873,?,?,00000000,00007FF6784C9800,?,?,?,?,00000000,00000000,00007FF6784CA39E), ref: 00007FF6784519C7
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF678451A17

Strings

gfffffff, xrefs: 00007FF678451A1D
gfffffff, xrefs: 00007FF6784519CD

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Time$FileSystem$CounterPerformanceQuery
String ID: gfffffff$gfffffff
API String ID: 3444630516-161084747
Opcode ID: 5c4dc9eb7400f7aed90948377d3cfd1112f8b26a032cc4a19b091026f15cbf0a
Instruction ID: 48d2e29881752ab8b65a95a0744cb0fc8423a76f0546ad639e65642a249fbc30
Opcode Fuzzy Hash: 5c4dc9eb7400f7aed90948377d3cfd1112f8b26a032cc4a19b091026f15cbf0a
Instruction Fuzzy Hash: 1F41E472B29B0691EE50CB27B94026A6BA0FB88BE4F645031ED1DC77A4DF7CE941D305

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845CA30, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 00007FF67845CB02
GetLastError.KERNEL32 ref: 00007FF67845CB4F

Strings

File::Read, xrefs: 00007FF67845CB6C
Read, xrefs: 00007FF67845CA85
../../base/files/file_win.cc, xrefs: 00007FF67845CA8C

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorFileLastRead
String ID: ../../base/files/file_win.cc$File::Read$Read
API String ID: 1948546556-1732825555
Opcode ID: 49aa987d1da79e4b2f05f5b0128a09bfb7beb3f5bf9a8f75f61023bdab74b345
Instruction ID: 9c4148c15e0275d37bd50f77e15490f277e83aa44c60ef4bd4d7612ba52aa6a7
Opcode Fuzzy Hash: 49aa987d1da79e4b2f05f5b0128a09bfb7beb3f5bf9a8f75f61023bdab74b345
Instruction Fuzzy Hash: 60311722A2CA95A1F6218F36F4017FAA760FF947A4F105131ED4C83694EF7DDA86C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67860A53C, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF67860A558
GetProcAddress.KERNEL32 ref: 00007FF67860A56E
FreeLibrary.KERNEL32 ref: 00007FF67860A58B

Strings

mscoree.dll, xrefs: 00007FF67860A54F
CorExitProcess, xrefs: 00007FF67860A567

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: d5217012137aa3b51be252bf37fdbbf001c0c652f9a674c1b7ad6db8ddfd84fe
Instruction ID: 5b1dfb4aea7a5e7802761bdc6c8f5f6d9323cdf74b5f555622effbb61f602cb6
Opcode Fuzzy Hash: d5217012137aa3b51be252bf37fdbbf001c0c652f9a674c1b7ad6db8ddfd84fe
Instruction Fuzzy Hash: 92F054A2B39A02A1EF554B71D88477A1B61FF44B81F241039D44FC6564CE3CDD48E319

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678613B94, Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF678613BD6
GetConsoleMode.KERNEL32(?,?,?,?,?,00000000,?,?,00000000,00000000,?,00007FF6785FC54F,?,?,?,00000000), ref: 00007FF678613C94
GetLastError.KERNEL32(?,?,?,?,?,00000000,?,?,00000000,00000000,?,00007FF6785FC54F,?,?,?,00000000), ref: 00007FF678613D1E

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
String ID:
API String ID: 2210144848-0
Opcode ID: 8021a388edcbf8c72ad827a53119f4354342119fc98f392291d8bf611129702d
Instruction ID: 7bf7a0f2d6164760d92d151f8787e2839c7a1d87c9e81df557f06be1bb6d0000
Opcode Fuzzy Hash: 8021a388edcbf8c72ad827a53119f4354342119fc98f392291d8bf611129702d
Instruction Fuzzy Hash: FB81BF23E38612A9FB509B7599402BE2E61BB54B84F640136DE0F93796DF3CAC45E318

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678448B00, Relevance: 7.7, APIs: 5, Instructions: 168threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF678448DE0: TlsGetValue.KERNEL32 ref: 00007FF678448DEE

GetCurrentThreadId.KERNEL32 ref: 00007FF678448B56
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF678448BFC
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF678448C7D
_Init_thread_header.LIBCMT ref: 00007FF678448C96
_Init_thread_footer.LIBCMT ref: 00007FF678448CD4

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentInit_thread_footerInit_thread_headerReleaseThreadValue
String ID:
API String ID: 2678241846-0
Opcode ID: 098b9fa1971629f4e1fcb613735aa422f98eabaeee767e68bbf72fa15b4c80fa
Instruction ID: 339d949357a487c1264109bf932b3e294f43b6cf29e2da6d9081f455465cb2ba
Opcode Fuzzy Hash: 098b9fa1971629f4e1fcb613735aa422f98eabaeee767e68bbf72fa15b4c80fa
Instruction Fuzzy Hash: 8371B263A29A4291FA509F32E4503BA6B90BFD4B94F604031EE8D83799DF7CEC45C308

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67844BC70, Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF67844BC8E
TryAcquireSRWLockExclusive.KERNEL32(3F800000,00000000,?,?,00007FF67844BC65,?,?,?,00007FF67844BB23), ref: 00007FF67844BCCB
ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF67844BB23,?,?,?,?,?,?,?,?,?,?,00000000,00007FF678448982), ref: 00007FF67844BD27
_Init_thread_header.LIBCMT ref: 00007FF67844BD5E
_Init_thread_footer.LIBCMT ref: 00007FF67844BD93

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$AcquireInit_thread_footerInit_thread_headerReleaseValue
String ID:
API String ID: 3774927250-0
Opcode ID: 78667ca4d03baea43291d08227a94a2a9b167431b1c0e2275c6002f05f3f4227
Instruction ID: c51639ede5de559945f7bcc86aec9daddef429a68b6fdf7d470781aff6331123
Opcode Fuzzy Hash: 78667ca4d03baea43291d08227a94a2a9b167431b1c0e2275c6002f05f3f4227
Instruction Fuzzy Hash: 7331A27392860296FA00DFB6E8801792FA1EF94B64F700631DA5EC32E5DF7DAC519708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67844AF70, Relevance: 7.6, APIs: 5, Instructions: 86COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF67844AFA8
TlsSetValue.KERNEL32 ref: 00007FF67844AFD4
TlsSetValue.KERNEL32 ref: 00007FF67844B002
TlsFree.KERNEL32 ref: 00007FF67844B052

Part of subcall function 00007FF67844B1C0: TlsAlloc.KERNEL32(?,00000000,?,00007FF67844BD52,3F800000,00000000,?,?,00007FF67844BC65,?,?,?,00007FF67844BB23), ref: 00007FF67844B1C8

TlsFree.KERNEL32 ref: 00007FF67844B086

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Value$Free$Alloc
String ID:
API String ID: 4173863045-0
Opcode ID: 77ce46446ea43eb47cfb7fe3c4ca093996de64fde13018819ecb1def7a8c72f5
Instruction ID: 387fa0f8b613b6f2cd9e85022cb5db37162a37fd33b06732c698d6c97d400608
Opcode Fuzzy Hash: 77ce46446ea43eb47cfb7fe3c4ca093996de64fde13018819ecb1def7a8c72f5
Instruction Fuzzy Hash: D031C833A281018AF664DB7694102BA7B519FC8795F204734F67D877DADE7CED068B08

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845CE00, Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

_Init_thread_footer.LIBCMT ref: 00007FF67845CE65

Part of subcall function 00007FF6785FAEE8: EnterCriticalSection.KERNEL32(?,?,?,00007FF6784411D0), ref: 00007FF6785FAEF8
Part of subcall function 00007FF6785FAEE8: LeaveCriticalSection.KERNEL32(?,?,?,00007FF6784411D0), ref: 00007FF6785FAF38

_Init_thread_header.LIBCMT ref: 00007FF67845CE34

Part of subcall function 00007FF6785FA9CC: EnterCriticalSection.KERNEL32(?,?,?,00007FF678441193), ref: 00007FF6785FA9DC

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF67845CDF2,?,?,?,?,00007FF67845CD7D,?,?,?,00007FF67845CD61), ref: 00007FF67845CE74
_Init_thread_header.LIBCMT ref: 00007FF67845CF05
_Init_thread_footer.LIBCMT ref: 00007FF67845CF36

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: CriticalSection$EnterInit_thread_footerInit_thread_header$AcquireExclusiveLeaveLock
String ID:
API String ID: 2014417079-0
Opcode ID: c9005840f097c16d978a82f20cc5df62f8d54c83e3e9a2cf760784d6d3441320
Instruction ID: 38d971a3b7ea0d3871e8b05e616a2eadbf9fe398b8e0ee403a1d8ca5a314f532
Opcode Fuzzy Hash: c9005840f097c16d978a82f20cc5df62f8d54c83e3e9a2cf760784d6d3441320
Instruction Fuzzy Hash: 66419423D2964391FA50EB36E9903BA2B50AF58760F305231D94DC32A6CF3CBCC58749

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67847CA90, Relevance: 7.5, APIs: 5, Instructions: 41threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00007FF67847CAA8
SetThreadPriority.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FF67847CABD

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Thread$CurrentPriority
String ID:
API String ID: 1343868529-0
Opcode ID: 06d7487e3b26f9ebcc9a8da175151be1689f3685a130f77ba68dee661049b67b
Instruction ID: eda62e5ea22359b518a7472f3f900f3035bcd23a56c9f8506769f60616f339bd
Opcode Fuzzy Hash: 06d7487e3b26f9ebcc9a8da175151be1689f3685a130f77ba68dee661049b67b
Instruction Fuzzy Hash: 7D01A727F2965292FA219736A84027A2E51DF95FB6F704130C91DC2398DD7CEC879309

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784CA5F0, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF6784CA662
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF6784CA68A

Strings

process-, xrefs: 00007FF6784CA7EC
ss-phase, xrefs: 00007FF6784CA7F9

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: process-$ss-phase
API String ID: 17069307-1645460407
Opcode ID: 1fd0db8749c8e2a4565d458a32f99334d110e44b77e7dd5678bdd2560d192c0d
Instruction ID: 01bd6f7cf0c4655a86874bb4280d8415bf306dcc91a83f1360ed93e11fac3f44
Opcode Fuzzy Hash: 1fd0db8749c8e2a4565d458a32f99334d110e44b77e7dd5678bdd2560d192c0d
Instruction Fuzzy Hash: 82919163B28A8191EA209B27E4007BA7BA5BF94784F604531DE4D8774ADF7CE946C708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678451120, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 160synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF678451254

Part of subcall function 00007FF678448700: QueryPerformanceCounter.KERNEL32 ref: 00007FF678448738

WaitForSingleObject.KERNEL32 ref: 00007FF67845137C

Strings

../../base/synchronization/waitable_event_win.cc, xrefs: 00007FF6784512FE
TimedWait, xrefs: 00007FF6784512F7

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ObjectSingleWait$CounterPerformanceQuery
String ID: ../../base/synchronization/waitable_event_win.cc$TimedWait
API String ID: 2161673850-3163266676
Opcode ID: 3bd7b20a7146d1ced4f91fbe29b07996ca8ff9ca8cfac475a71556cf4bdd55c2
Instruction ID: 5411ab54d3fe288092a6c093ee0d6eeb890098badf6c9f98735742138c9c6ba4
Opcode Fuzzy Hash: 3bd7b20a7146d1ced4f91fbe29b07996ca8ff9ca8cfac475a71556cf4bdd55c2
Instruction Fuzzy Hash: BC510823A2D7C551FB209736D4153BEABA0AF847A4F640131EA5EC66D9EFACD8C5C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784B4610, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 141COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF6784B464E
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF6784B46B3

Part of subcall function 00007FF6784CA5F0: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF6784CA662
Part of subcall function 00007FF6784CA5F0: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF6784CA68A

Strings

../../base/debug/activity_tracker.cc, xrefs: 00007FF6784B4754
RecordProcessExit, xrefs: 00007FF6784B474D

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ../../base/debug/activity_tracker.cc$RecordProcessExit
API String ID: 17069307-2038026062
Opcode ID: dc4863385943584c21e32aabaeef61b664514be00215b7eb6bc8050ca884cfef
Instruction ID: a8400ef472603b60c9be83efaaf6fda21d64b9a458cba44c03ac44c6b24f1690
Opcode Fuzzy Hash: dc4863385943584c21e32aabaeef61b664514be00215b7eb6bc8050ca884cfef
Instruction Fuzzy Hash: 3251D523A19B8185EB118F32A4003AD6BA0FF88B94F644231EE4D57799DF7CE986C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67844FA30, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF67844FAD3
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF67844FAE3
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF67844FB4F

Part of subcall function 00007FF678447770: AcquireSRWLockExclusive.KERNEL32 ref: 00007FF6784477BB

Strings

ThreadLocalEventBuffer, xrefs: 00007FF67844FAB4

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$Acquire$CurrentReleaseThread
String ID: ThreadLocalEventBuffer
API String ID: 1385397084-137470936
Opcode ID: 1ec99d3ce872bf10f976bea1b58f2a07aa91ffead0ebee5f653bbf9d660d35ea
Instruction ID: 5bf45fafa493a3e7b90a963ecb504f80823b4f6d6cee0058bfef2d8d46d66e93
Opcode Fuzzy Hash: 1ec99d3ce872bf10f976bea1b58f2a07aa91ffead0ebee5f653bbf9d660d35ea
Instruction Fuzzy Hash: B241C173A28B4691EA01DF22E4101AA7BA0FF84B90F744132EA4D837A9DE7CD946C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678459F60, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 84threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF67845A01C
GetCurrentThreadId.KERNEL32 ref: 00007FF678459FBC

Part of subcall function 00007FF678448700: QueryPerformanceCounter.KERNEL32 ref: 00007FF678448738

Strings

ScopedMayLoadLibraryAtBackgroundPriority : Priority Increased, xrefs: 00007FF67845A066
ScopedMayLoadLibraryAtBackgroundPriority, xrefs: 00007FF67845A006

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: CurrentThread$CounterPerformanceQuery
String ID: ScopedMayLoadLibraryAtBackgroundPriority$ScopedMayLoadLibraryAtBackgroundPriority : Priority Increased
API String ID: 1058255813-3597462364
Opcode ID: 33691f4dd2af279f945ba9eb9e194bcc3f24d93b021e9b4f13aee846f70f8848
Instruction ID: 2dfcd36bc625f3233aaa734ffe37786f8e6d18d339ee51fef5bcdc21f37594a5
Opcode Fuzzy Hash: 33691f4dd2af279f945ba9eb9e194bcc3f24d93b021e9b4f13aee846f70f8848
Instruction Fuzzy Hash: BF31A23392C78685F6609F31B8503AA7FE0EB95798F340135EA8D83659DFBCD8818744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678463D20, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 62COMMON

Download Yara Rule

APIs

GetFileSizeEx.KERNEL32 ref: 00007FF678463DC3

Strings

GetLength, xrefs: 00007FF678463D66
../../base/files/file_win.cc, xrefs: 00007FF678463D6D
File::GetLength, xrefs: 00007FF678463E0E

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: FileSize
String ID: ../../base/files/file_win.cc$File::GetLength$GetLength
API String ID: 3433856609-2366038222
Opcode ID: 00ef676b29c65b816474247974fd02d5be3960de0b164f5761997ff44cacd0f5
Instruction ID: a7793fcc9752cb198b81b860664bf2cb7493e9e70c243a8be36807515235a0b8
Opcode Fuzzy Hash: 00ef676b29c65b816474247974fd02d5be3960de0b164f5761997ff44cacd0f5
Instruction Fuzzy Hash: FA21D732A2CAC6A1FA205B39E5017FBA7A0FF94784F502130E94D43B59DF2DDA46C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678450980, Relevance: 6.1, APIs: 4, Instructions: 107COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF678450990
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF678450A03
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF678450A83
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF678450B01

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: 1407178e7f281a3e80a5681a39d3c126295d6b7b1151c42436837deb5501d519
Instruction ID: 1522a67854b5a55953053830d5b57fe63239f5c077d185efc5bf2c9071ca4c93
Opcode Fuzzy Hash: 1407178e7f281a3e80a5681a39d3c126295d6b7b1151c42436837deb5501d519
Instruction Fuzzy Hash: A5415C37A18B1292EA58DF26D15436D2BA0FB98F94F144031CF4D87B49DF7CE9A18748

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678479710, Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF678479759
_Init_thread_footer.LIBCMT ref: 00007FF6784797AF
_Init_thread_header.LIBCMT ref: 00007FF6784797BD

Part of subcall function 00007FF6785FA9CC: EnterCriticalSection.KERNEL32(?,?,?,00007FF678441193), ref: 00007FF6785FA9DC

_Init_thread_footer.LIBCMT ref: 00007FF6784797FB

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header$CriticalEnterSection
String ID:
API String ID: 371409586-0
Opcode ID: a08775a739f19f016e88a62a39ad56b3d14761879f02b6b4a6d417625c82a873
Instruction ID: 5d1d9b0af0599e43bbc2b7051226c16d92e2d65ff980621feb939e25c8423ec0
Opcode Fuzzy Hash: a08775a739f19f016e88a62a39ad56b3d14761879f02b6b4a6d417625c82a873
Instruction Fuzzy Hash: D621C237929A42E9F651EB36EC801B53F60AB55768F700231E56D822A5CF2CAC45D70C

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67849A8C0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6785FC44C: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6786212C7,?,?,?,00007FF6786013D7,?,?,00000000,00007FF67860ED61), ref: 00007FF6785FC472

__std_exception_destroy.LIBVCRUNTIME ref: 00007FF67849AA79

Strings

... (message truncated), xrefs: 00007FF67849A9B6
[%s : %d] RAW: , xrefs: 00007FF67849A930

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: FeaturePresentProcessor__std_exception_destroy
String ID: ... (message truncated)$[%s : %d] RAW:
API String ID: 2848415949-3262997248
Opcode ID: e7e5bd5f64ab07ade854cf7943030890af7fc6bd83c4d3188d58020eef8f67b3
Instruction ID: 1ca0fda6066de4411e452a8232b3c03aaaba55aad4050c3e2d1be1f18f5170b9
Opcode Fuzzy Hash: e7e5bd5f64ab07ade854cf7943030890af7fc6bd83c4d3188d58020eef8f67b3
Instruction Fuzzy Hash: 2241F373A2864191EB11DB36E5006EE7B60FB85794F604536EE8C87B99DF3CD90ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678461D80, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108timeCOMMON

Download Yara Rule

APIs

SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF678482165), ref: 00007FF678461EB2
TzSpecificLocalTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF678482165), ref: 00007FF678461F0D

Strings

gfffffff, xrefs: 00007FF678461EBC

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Time$System$FileLocalSpecific
String ID: gfffffff
API String ID: 1707611234-1523873471
Opcode ID: 6ce5b1706f1e8fff764b2917c86a5b9c1252b82106e78ebcb1a497e6d27e0f60
Instruction ID: 20ea4cd20235d718531e3bfabfa8d16f583c29eee247d3ed55a7dfebbc8cf865
Opcode Fuzzy Hash: 6ce5b1706f1e8fff764b2917c86a5b9c1252b82106e78ebcb1a497e6d27e0f60
Instruction Fuzzy Hash: CC415933F1428346EB258B1AE04027EA7B2AF84790F265131F94D97A98EF7CDC858745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678614584, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF67861469B
GetLastError.KERNEL32 ref: 00007FF6786146BD

Strings

U, xrefs: 00007FF678614647

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 4406f182705170109e4f5c184c5978046caa16fe0a5c4531056970081ef73658
Instruction ID: ae8dff28f238f45451637af503934907a797f923314596ac0f3d421b9c811a1a
Opcode Fuzzy Hash: 4406f182705170109e4f5c184c5978046caa16fe0a5c4531056970081ef73658
Instruction Fuzzy Hash: 1441C323B29A4191DB608F25E4447AA7BA1FB98784F604131EE4DC7759EF3CD801D744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678453230, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF67845334F
_Init_thread_footer.LIBCMT ref: 00007FF67845339B

Strings

, xrefs: 00007FF678453282

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID:
API String ID: 4092853384-3916222277
Opcode ID: a344454cad92080cabd81b50e60219c4b4b45f7d07b2ec8d04d705bfdc4a84e8
Instruction ID: 0a4317fbe0cdbbec81f96aed815b9be65c11049c04d4e7e0907dcfb742d83141
Opcode Fuzzy Hash: a344454cad92080cabd81b50e60219c4b4b45f7d07b2ec8d04d705bfdc4a84e8
Instruction Fuzzy Hash: 3D41E932928B8191F6118B35E4403BA6FA0FF95768F200335EA9D866A5DF7CE981C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6785FAC6C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6785FAD91

Strings

\u%04X, xrefs: 00007FF6785FAC7B

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: \u%04X
API String ID: 3215553584-2527172157
Opcode ID: f4af35fff650387ef7e8b3e33c3ebdb5e3781e38a0916f7017a3c82beb98b17a
Instruction ID: 1c529cfc3dfbbdb8813bf4f109768f25cd1c24d7c0e0c9c573a442aa348b80af
Opcode Fuzzy Hash: f4af35fff650387ef7e8b3e33c3ebdb5e3781e38a0916f7017a3c82beb98b17a
Instruction Fuzzy Hash: E731862392C74286FAA65A72940026D7F51AF757B8F345271EE6DC37D5CE3CDC408A0A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845CC30, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF67845CCFF
_Init_thread_footer.LIBCMT ref: 00007FF67845CD1F

Strings

../../base/synchronization/waitable_event_win.cc, xrefs: 00007FF67845CC34

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: ../../base/synchronization/waitable_event_win.cc
API String ID: 4092853384-2389956784
Opcode ID: 3aa10a5132e7e80ce30c49efbe7403a2b020e73821ec82a82dde43812095eedb
Instruction ID: 245eef4efa4396bfb59c87fb8e8e079b0b6b5030a886243958b223081ce5d6bd
Opcode Fuzzy Hash: 3aa10a5132e7e80ce30c49efbe7403a2b020e73821ec82a82dde43812095eedb
Instruction Fuzzy Hash: 0A21D833F2964641EA21DB26D85067C2B52BB90BB8F694331CD2D833E5CF79EC859704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678621E88, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF678621EC1
LCMapStringW.KERNEL32 ref: 00007FF678621F49

Strings

LCMapStringEx, xrefs: 00007FF678621EB5

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Stringtry_get_function
String ID: LCMapStringEx
API String ID: 2588686239-3893581201
Opcode ID: fb0808d06c8b82d55540e40602268484accd62fb061bd59c05cde3bc9e4f2106
Instruction ID: 16228a6af511339732392d521299f809c9d1e4a6592853718ef731731b60775c
Opcode Fuzzy Hash: fb0808d06c8b82d55540e40602268484accd62fb061bd59c05cde3bc9e4f2106
Instruction Fuzzy Hash: 0C113E32A1CB8196D760CB55B4402AABBA5FBC8B90F644136EE9D83B59DF3CD500CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6785FC814, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6785FD943), ref: 00007FF6785FC858
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6785FD943), ref: 00007FF6785FC89E

Strings

csm, xrefs: 00007FF6785FC88B

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 9e141bd6b3d73b0408facc9fc54446b038cf341a693d94c001810cce70a058b7
Instruction ID: 92d79283419efeb06ac11156bf84e08b1ba5b29e7d6bbd55c862847e27c2c62a
Opcode Fuzzy Hash: 9e141bd6b3d73b0408facc9fc54446b038cf341a693d94c001810cce70a058b7
Instruction Fuzzy Hash: BA113D33A18B9182EB618B25E44026A7BA0FB98B94F284635DE8D47754EF3CD951CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845CDA0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,00007FF67845CD7D,?,?,?,00007FF67845CD61,?,?,?,00007FF67844BBE0), ref: 00007FF67845CDBC
GetProcAddress.KERNEL32(?,?,?,?,00007FF67845CD7D,?,?,?,00007FF67845CD61,?,?,?,00007FF67844BBE0), ref: 00007FF67845CDCC

Strings

GetHandleVerifier, xrefs: 00007FF67845CDC2

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: adb3142bcd73695f6fefe15a5db535181d4135b2c01cb36698e4306a01246c79
Instruction ID: 25e14798aae91375029814ef53c6df41eb320ddfeae87910e81e29e9bd1a641d
Opcode Fuzzy Hash: adb3142bcd73695f6fefe15a5db535181d4135b2c01cb36698e4306a01246c79
Instruction Fuzzy Hash: 0BF0A422A2E60391EE78573698952BA1E91AF44714E64403AC40FC1298DDACA9D9A369

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678457DD0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF678457E08
_Init_thread_footer.LIBCMT ref: 00007FF678457E3E

Strings

dummy_histogram, xrefs: 00007FF678457E1D

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: dummy_histogram
API String ID: 4092853384-2199933292
Opcode ID: b7c32951601d214ab9d2fa99582d44ae8bbb11bde951dd9b543ad471460d2bd0
Instruction ID: b68188aead5462b30a893e57b223550cac9f6b36db56f438d3898d48a7a62a16
Opcode Fuzzy Hash: b7c32951601d214ab9d2fa99582d44ae8bbb11bde951dd9b543ad471460d2bd0
Instruction Fuzzy Hash: 36F0BF66938A02A5F944EB36E8901B62F61BB50358FB00232C50DC21A6DE2DBD85DB49

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678621B2C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF678621B55
TlsSetValue.KERNEL32(?,?,?,00007FF6786213BA,?,?,?,00007FF6785FAC55,?,?,?,?,00007FF678620846,?,?,00000000), ref: 00007FF678621B6C

Strings

FlsSetValue, xrefs: 00007FF678621B42

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: Valuetry_get_function
String ID: FlsSetValue
API String ID: 738293619-3750699315
Opcode ID: 09bede00fb570003e0edc4f71b52004598ee0e80bfd2ab2b22c957ca4048bb64
Instruction ID: 4f18dd20f29b769ede933a134c591920398f26f194809ff3d8cc65bb9db596c2
Opcode Fuzzy Hash: 09bede00fb570003e0edc4f71b52004598ee0e80bfd2ab2b22c957ca4048bb64
Instruction Fuzzy Hash: A1E06563E2C546A2EA149B71E8005BB2A23BF48B80FB84076D51D86394DE3CED44E708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678459C90, Relevance: 5.1, APIs: 4, Instructions: 96COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF678459D35
SetLastError.KERNEL32 ref: 00007FF678459D71
GetLastError.KERNEL32 ref: 00007FF678459D80
SetLastError.KERNEL32 ref: 00007FF678459DC0

Memory Dump Source

Source File: 00000004.00000002.744416402.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000004.00000002.744389861.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746193263.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746650648.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000004.00000002.746665681.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.746689933.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.746722789.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: dcfca5e4450659c7abc1ff674d6673f591c8d1948e4d8162e7b7adfd6ca63d52
Instruction ID: f2d7024ec5ec6086a426b31e5f65dacfae3a0f3f9b6f351e0b49de12ad46351a
Opcode Fuzzy Hash: dcfca5e4450659c7abc1ff674d6673f591c8d1948e4d8162e7b7adfd6ca63d52
Instruction Fuzzy Hash: A9411F33628B4286EB24AF32F45536E6AA1EB41744F204431CB4E8779DDFBCE8848354

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: setup.exe PID: 7124 Parent PID: 3028 setup.exeCOMMON

Execution Graph

Execution Coverage:	0.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.8%
Total number of Nodes:	129
Total number of Limit Nodes:	7

Executed Functions

Function 00007FF67844BC70, Relevance: 7.6, APIs: 5, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TlsGetValue.KERNEL32 ref: 00007FF67844BC8E
TryAcquireSRWLockExclusive.KERNEL32(3F800000,00000000,?,?,00007FF67844BC65,?,?,?,00007FF67844BB23), ref: 00007FF67844BCCB
ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF67844BB23,?,?,?,?,?,?,?,?,?,?,00000000,00007FF678448982), ref: 00007FF67844BD27
_Init_thread_header.LIBCMT ref: 00007FF67844BD5E
_Init_thread_footer.LIBCMT ref: 00007FF67844BD93

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$AcquireInit_thread_footerInit_thread_headerReleaseValue
String ID:
API String ID: 3774927250-0
Opcode ID: 7dc40a8fbe0eda25730f1ec01af1f89665da87031d30bef9af0cbc49476d73c5
Instruction ID: c51639ede5de559945f7bcc86aec9daddef429a68b6fdf7d470781aff6331123
Opcode Fuzzy Hash: 7dc40a8fbe0eda25730f1ec01af1f89665da87031d30bef9af0cbc49476d73c5
Instruction Fuzzy Hash: 7331A27392860296FA00DFB6E8801792FA1EF94B64F700631DA5EC32E5DF7DAC519708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67844AF70, Relevance: 7.6, APIs: 5, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TlsGetValue.KERNEL32 ref: 00007FF67844AFA8
TlsSetValue.KERNEL32 ref: 00007FF67844AFD4
TlsSetValue.KERNEL32 ref: 00007FF67844B002
TlsFree.KERNEL32 ref: 00007FF67844B052

Part of subcall function 00007FF67844B1C0: TlsAlloc.KERNEL32(?,00000000,?,00007FF67844BD52,3F800000,00000000,?,?,00007FF67844BC65,?,?,?,00007FF67844BB23), ref: 00007FF67844B1C8

TlsFree.KERNEL32 ref: 00007FF67844B086

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Value$Free$Alloc
String ID:
API String ID: 4173863045-0
Opcode ID: 77ce46446ea43eb47cfb7fe3c4ca093996de64fde13018819ecb1def7a8c72f5
Instruction ID: 387fa0f8b613b6f2cd9e85022cb5db37162a37fd33b06732c698d6c97d400608
Opcode Fuzzy Hash: 77ce46446ea43eb47cfb7fe3c4ca093996de64fde13018819ecb1def7a8c72f5
Instruction Fuzzy Hash: D031C833A281018AF664DB7694102BA7B519FC8795F204734F67D877DADE7CED068B08

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67860A598, Relevance: 4.5, APIs: 3, Instructions: 19
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,00000003,00007FF67860A6AB), ref: 00007FF67860A5C1
TerminateProcess.KERNEL32(?,?,00000003,00007FF67860A6AB), ref: 00007FF67860A5CC
ExitProcess.KERNEL32 ref: 00007FF67860A5DB

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 99eb79205e1d8f55ea799435a50c51c9dd65893cdb5a63a21dcc85242e68197c
Instruction ID: 0545c1653afaa057a34aec8ffcefaa0a79ed50051b13d82de88cdbd34922ea23
Opcode Fuzzy Hash: 99eb79205e1d8f55ea799435a50c51c9dd65893cdb5a63a21dcc85242e68197c
Instruction Fuzzy Hash: 8CE04832B3430552E6555B35588567F2653BF84B81F204438C48F83352CD3DEC58A319

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6785FCDE8, Relevance: 1.6, APIs: 1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6785FC4A1,?,?,?,?,00007FF6786212C7), ref: 00007FF67860A60F

Part of subcall function 00007FF67860A53C: GetModuleHandleExW.KERNEL32 ref: 00007FF67860A558
Part of subcall function 00007FF67860A53C: GetProcAddress.KERNEL32 ref: 00007FF67860A56E
Part of subcall function 00007FF67860A53C: FreeLibrary.KERNEL32 ref: 00007FF67860A58B

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 63bdc1dbbb03e609bfdecf94da7d6f5fff68a7d8b284b135efd65b17adb41177
Instruction ID: 3ee145f4bb855aa6536e1de08150734a08107b12e6a1c8b4e7605c77e0043825
Opcode Fuzzy Hash: 63bdc1dbbb03e609bfdecf94da7d6f5fff68a7d8b284b135efd65b17adb41177
Instruction Fuzzy Hash: FB21BD33E347419AEB118F75C044AAE3BB0FB44349F24493AD60C82A86DF38D884DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67844F050, Relevance: 1.5, APIs: 1, Instructions: 26
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000318,?,?,00007FF6785FA99F,?,?,?,00007FF678441782,?,?,?,00007FF678441668), ref: 00007FF67844F06A

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 65a6661e7f8d4544185e63a739ad057c6d009151a84a384eaeb9b37e60eeecd2
Instruction ID: 1b49a29d4ab633b50e2f5e1a1e6924eda3af6950b16ea5100ca37b4598df14c1
Opcode Fuzzy Hash: 65a6661e7f8d4544185e63a739ad057c6d009151a84a384eaeb9b37e60eeecd2
Instruction Fuzzy Hash: E3E09A03E2E65280FE255B3729006790EC04FDAFE4F284071DD4C87B8AFD5CAC869708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6785FA980, Relevance: 1.5, APIs: 1, Instructions: 22
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF67844F050: RtlAllocateHeap.NTDLL(00000318,?,?,00007FF6785FA99F,?,?,?,00007FF678441782,?,?,?,00007FF678441668), ref: 00007FF67844F06A

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6785FA9B0

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: AllocateConcurrency::cancel_current_taskHeap
String ID:
API String ID: 333155141-0
Opcode ID: d5c874a29afdb0c944a5b48b266f3e8c7e7bac25be2f816cafa4df701dbc28e0
Instruction ID: 8a2f9d21192c63d3eb286b369f8f7b20f321bbaba874b83532ff298dac0057e4
Opcode Fuzzy Hash: d5c874a29afdb0c944a5b48b266f3e8c7e7bac25be2f816cafa4df701dbc28e0
Instruction Fuzzy Hash: E8E04F42E3910701F99A267316590B91A820FA83B4E3C2B30D93D842CBAD1CBC42491D

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF6784594C0, Relevance: 23.1, APIs: 12, Strings: 1, Instructions: 392
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetHandleInformation.KERNEL32 ref: 00007FF678459534
SetHandleInformation.KERNEL32 ref: 00007FF678459559
SetHandleInformation.KERNEL32 ref: 00007FF67845957E
CreateProcessW.KERNEL32 ref: 00007FF678459738
SetHandleInformation.KERNEL32 ref: 00007FF6784598C4

Strings

../../base/process/launch_win.cc, xrefs: 00007FF6784598A6, 00007FF6784598F3, 00007FF678459B5A, 00007FF678459BC5

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: HandleInformation$CreateProcess
String ID: ../../base/process/launch_win.cc
API String ID: 302854529-3741534765
Opcode ID: c87d0c7fb3d09c39b385a0c0875295fef7658dd9bc2fcb291236970fd03dcec3
Instruction ID: d00e2dbe2ab10b27f2fc9cc92a82b2d8123fd6c2125d9b5fe3e9bdff27541a5d
Opcode Fuzzy Hash: c87d0c7fb3d09c39b385a0c0875295fef7658dd9bc2fcb291236970fd03dcec3
Instruction Fuzzy Hash: 0A124323A2C7C295EB619B36F4403BE6F61FB80B84F604035DA8D82A99DF7CD985C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784ADC90, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 255fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00007FF6784ADD2D
GetCurrentDirectoryW.KERNEL32 ref: 00007FF6784ADD69
GetModuleFileNameW.KERNEL32 ref: 00007FF6784ADDBD
CreateFileW.KERNEL32 ref: 00007FF6784ADF0E

Strings

Histogram.TooManyBuckets.1000, xrefs: 00007FF6784ADF50
debug.log, xrefs: 00007FF6784ADE6E, 00007FF6784ADECB
-inl, xrefs: 00007FF6784ADFE8

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: File$Create$CurrentDirectoryModuleName
String ID: -inl$Histogram.TooManyBuckets.1000$debug.log
API String ID: 4120427848-4260269593
Opcode ID: d9ed9c07fe1674377f5f85c585887fb6f73db013e0139523249001045405cd17
Instruction ID: e3245de0abe6fb3074d7947427a8c87bf8b7b5e974bc04817a04a6eb71f85ec5
Opcode Fuzzy Hash: d9ed9c07fe1674377f5f85c585887fb6f73db013e0139523249001045405cd17
Instruction Fuzzy Hash: F2A1EB63A28A4191FB109B32E45437A6F60EF44BB4F244331DA6D8B7D5DFBCE9818309

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678463310, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 86fileCOMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32 ref: 00007FF6784633C3
SetFilePointerEx.KERNEL32 ref: 00007FF6784633DB
SetEndOfFile.KERNEL32 ref: 00007FF6784633E8
SetFilePointerEx.KERNEL32 ref: 00007FF678463400

Strings

File::SetLength, xrefs: 00007FF678463446
SetLength, xrefs: 00007FF67846335B
../../base/files/file_win.cc, xrefs: 00007FF678463362

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: File$Pointer
String ID: ../../base/files/file_win.cc$File::SetLength$SetLength
API String ID: 1339342385-2248197467
Opcode ID: fa6731049030f8519f87c7b9dbc5837087119be7d5a990bcabc14c61df8a48a3
Instruction ID: f53124c66441e68ae7e3028e167f2c9d2d607ac9b9463c69fabdf85f8eb00316
Opcode Fuzzy Hash: fa6731049030f8519f87c7b9dbc5837087119be7d5a990bcabc14c61df8a48a3
Instruction Fuzzy Hash: F231B832B28A8291FA208F3AE4517FBABA0FF94B84F545031EE4D83655EF7CD9458704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678613E78, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 328fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF678613EE7
WriteFile.KERNEL32 ref: 00007FF67861419E
WriteFile.KERNEL32 ref: 00007FF6786141F0
GetLastError.KERNEL32 ref: 00007FF6786142F2
GetLastError.KERNEL32 ref: 00007FF678614352

Strings

MZx, xrefs: 00007FF678613EB3, 00007FF678613F52, 00007FF678613FFA, 00007FF6786140C2, 00007FF67861423C, 00007FF6786142C6

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorFileLastWrite$ConsoleOutput
String ID: MZx
API String ID: 1443284424-2575928145
Opcode ID: df33afdeb63b4bfb23a8f95b34c5b8b9d306e4b21ab06af4ceb26252755e58af
Instruction ID: 3fac858376da5b6bfdce8dc282ff374b7b9067369c8287095d805e6e52f80a70
Opcode Fuzzy Hash: df33afdeb63b4bfb23a8f95b34c5b8b9d306e4b21ab06af4ceb26252755e58af
Instruction Fuzzy Hash: 6DE1E173E28681AAE700CF75D0401AE7BB1FB45788F244126DE4E97B9AEE38D856D704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678463AA0, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 159fileCOMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNEL32 ref: 00007FF678463B59
MapViewOfFile.KERNEL32 ref: 00007FF678463BC4
GetLastError.KERNEL32 ref: 00007FF678463C97
SetLastError.KERNEL32 ref: 00007FF678463CD9

Strings

MapFileRegionToMemory, xrefs: 00007FF678463AE9
../../base/files/memory_mapped_file_win.cc, xrefs: 00007FF678463AF0

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorFileLast$CreateMappingView
String ID: ../../base/files/memory_mapped_file_win.cc$MapFileRegionToMemory
API String ID: 2231327692-1672964651
Opcode ID: 9ce57e8a70567f9485ac933e4046e18874c2c2392e9e83db79fcdf2c42eb1830
Instruction ID: 83918a5104d3e9ffb2e5572a80a4f61f085c0183b32cea4a48668d6bbd818384
Opcode Fuzzy Hash: 9ce57e8a70567f9485ac933e4046e18874c2c2392e9e83db79fcdf2c42eb1830
Instruction Fuzzy Hash: 0851F433B2CB9281EA209B26A4457BA6BA1FF44B84F614031EE4D87759EF7DDC418344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67860EB14, Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF67860EB8D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF67860EBA5
RtlVirtualUnwind.KERNEL32 ref: 00007FF67860EBE0
IsDebuggerPresent.KERNEL32 ref: 00007FF67860EC19
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF67860EC23
UnhandledExceptionFilter.KERNEL32 ref: 00007FF67860EC2E

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 23cc6bff61b78c16e7ee25e4b3366f080038f90177da2de55d303e003ae544d1
Instruction ID: 3f8c455fe9287a0622264f98ce75b95fa934d4b16d08ba7a8365c51b56b6dc48
Opcode Fuzzy Hash: 23cc6bff61b78c16e7ee25e4b3366f080038f90177da2de55d303e003ae544d1
Instruction Fuzzy Hash: 02319137628B8195EB60CF34E8406AE37A0FB88754F600136EA9D83B99DF3CC955CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784656A0, Relevance: 7.6, APIs: 5, Instructions: 95processCOMMON

Download Yara Rule

APIs

GetProcessId.KERNEL32 ref: 00007FF6784656B1
GetLastError.KERNEL32 ref: 00007FF6784656BD
CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF67855E936

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: CreateErrorLastProcessSnapshotToolhelp32
String ID:
API String ID: 3154049537-0
Opcode ID: fd993080f2f89736239021875109e60515be56557d315d8fdb4fddf7aa8151b2
Instruction ID: 63866fd87d7d9eac0a824e3ecb7d5f7eebe92afe2c906d65e28c66311d1f45a8
Opcode Fuzzy Hash: fd993080f2f89736239021875109e60515be56557d315d8fdb4fddf7aa8151b2
Instruction Fuzzy Hash: 9D31C123F2C74355FAE46BB1A40437A1A63AF85760F340135DA1ED63C5ED7CEC819608

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845433D, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 154COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,00000000,Histogram.TooManyBuckets.1000,00007FF678471CE5), ref: 00007FF678454359

Strings

UUUUUUUU, xrefs: 00007FF67845446B
33333333, xrefs: 00007FF67845447E

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: AcquireExclusiveLock
String ID: 33333333$UUUUUUUU
API String ID: 4021432409-3483174168
Opcode ID: 7daa92df0ec6b34cfb6191cf400d3fab6922b086941c3a56394e9f562f2cdce5
Instruction ID: be3f5f11d29f9ff3ef41e41dcd6151dab291efa0fe597da8b8a6a86ead2767b9
Opcode Fuzzy Hash: 7daa92df0ec6b34cfb6191cf400d3fab6922b086941c3a56394e9f562f2cdce5
Instruction Fuzzy Hash: A751D6D3F69A5941EE108B22961427DDA53AB55FE0F7D8032CE5C4BB8CDE7CE9818308

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678447880, Relevance: 19.6, APIs: 13, Instructions: 117
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThread.KERNEL32 ref: 00007FF6784478DE
GetThreadPriority.KERNEL32 ref: 00007FF6784478E3
GetCurrentThread.KERNEL32 ref: 00007FF6784478EB
SetThreadPriority.KERNEL32 ref: 00007FF6784478F5
QueryPerformanceCounter.KERNEL32 ref: 00007FF67844795A
GetCurrentThread.KERNEL32 ref: 00007FF678447963
SetThreadPriority.KERNEL32 ref: 00007FF67844796E
QueryPerformanceFrequency.KERNEL32 ref: 00007FF67844797F
_Init_thread_header.LIBCMT ref: 00007FF678447A16
_Init_thread_footer.LIBCMT ref: 00007FF678447A3F
_Init_thread_header.LIBCMT ref: 00007FF678447A50
QueryPerformanceCounter.KERNEL32 ref: 00007FF678447A71
_Init_thread_footer.LIBCMT ref: 00007FF678447A88

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Thread$CurrentPerformancePriorityQuery$CounterInit_thread_footerInit_thread_header$Frequency
String ID:
API String ID: 521408450-0
Opcode ID: 7d56607dc3bc44bf47606a62b612d31014a9775943dafa849caa731edbce7259
Instruction ID: 1657731ca83b4177d198af92e6b68039ba1209dd61a86e767c25ffa95c14fefa
Opcode Fuzzy Hash: 7d56607dc3bc44bf47606a62b612d31014a9775943dafa849caa731edbce7259
Instruction Fuzzy Hash: 5951D033A39E02E5F6129F35E8121367B64BF85BE4F315331E94D92261CF3CAA469708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784B4340, Relevance: 16.6, APIs: 11, Instructions: 95
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6784B4364
TerminateProcess.KERNEL32 ref: 00007FF6784B436F
GetCurrentProcess.KERNEL32 ref: 00007FF6784B4387
WaitForSingleObject.KERNEL32 ref: 00007FF6784B4395
GetLastError.KERNEL32 ref: 00007FF6784B43DC
GetCurrentProcess.KERNEL32 ref: 00007FF6784B43E8
WaitForSingleObject.KERNEL32 ref: 00007FF6784B43F6
GetCurrentProcess.KERNEL32 ref: 00007FF6784B4417
GetExitCodeProcess.KERNEL32 ref: 00007FF6784B4425
GetCurrentProcess.KERNEL32 ref: 00007FF6784B4462
GetCurrentProcess.KERNEL32 ref: 00007FF6784B447F

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Process$Current$ObjectSingleWait$CodeErrorExitLastTerminate
String ID:
API String ID: 2432511979-0
Opcode ID: 6b6a451ef962a60a918f1f163a55c0c184c39c26fb0d1aaf94d4b23fb635fa7f
Instruction ID: 0c768610772241f549bffdc0b8f43820f3bfa06f1923f2915cd8feb9d42a0879
Opcode Fuzzy Hash: 6b6a451ef962a60a918f1f163a55c0c184c39c26fb0d1aaf94d4b23fb635fa7f
Instruction Fuzzy Hash: 13418323F2C542D5FA649733944433E1EA09F84BA4F384431CA0EC3699DFACAC659349

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67844E6C1, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 209
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Init_thread_header.LIBCMT ref: 00007FF67844E8D5

Part of subcall function 00007FF6785FA980: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6785FA9B0

_Init_thread_footer.LIBCMT ref: 00007FF67844E6FC

Part of subcall function 00007FF6785FAEE8: EnterCriticalSection.KERNEL32(?,?,?,00007FF6784411D0), ref: 00007FF6785FAEF8
Part of subcall function 00007FF6785FAEE8: LeaveCriticalSection.KERNEL32(?,?,?,00007FF6784411D0), ref: 00007FF6785FAF38

_Init_thread_header.LIBCMT ref: 00007FF67844E75F
_Init_thread_footer.LIBCMT ref: 00007FF67844E78C
_Init_thread_header.LIBCMT ref: 00007FF67844E6C8

Part of subcall function 00007FF6785FA9CC: EnterCriticalSection.KERNEL32(?,?,?,00007FF678441193), ref: 00007FF6785FA9DC

_Init_thread_footer.LIBCMT ref: 00007FF67844E902

Strings

heap_profiler_predicate, xrefs: 00007FF67844E80F, 00007FF67844E837
event_whitelist_predicate, xrefs: 00007FF67844E7B6, 00007FF67844E7EE
event_name_whitelist, xrefs: 00007FF67844E984

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: CriticalInit_thread_footerInit_thread_headerSection$Enter$Concurrency::cancel_current_taskLeave
String ID: event_name_whitelist$event_whitelist_predicate$heap_profiler_predicate
API String ID: 2334296950-959554088
Opcode ID: 1bc75393708cca5a1b5c898c9a06b6c415a35b2a6ad5d9ee21f316fa3ce47036
Instruction ID: 34cd8a92a2add4af2aeffbf1ec2ed3f99599ff46f9283b909eceb2c5186437d7
Opcode Fuzzy Hash: 1bc75393708cca5a1b5c898c9a06b6c415a35b2a6ad5d9ee21f316fa3ce47036
Instruction Fuzzy Hash: E2915427A29A4285EA50DB26E45037A6F60FFC47A4F604231EA5E873E5DF7CED41C708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67844EF00, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 93
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EventRegister.ADVAPI32(00000000,?,?,?,?,00007FF67844EEE2), ref: 00007FF67844EF8D
GetModuleHandleExW.KERNEL32 ref: 00007FF67844EFB8
GetProcAddress.KERNEL32 ref: 00007FF67844EFCE
FreeLibrary.KERNEL32 ref: 00007FF67844EFF3
GetModuleHandleExW.KERNEL32 ref: 00007FF67844F03F

Strings

api-ms-win-eventing-provider-l1-1-0.dll, xrefs: 00007FF67844EFAD
EventSetInformation, xrefs: 00007FF67844EFC7
advapi32.dll, xrefs: 00007FF67844F02F
Google.Chrome, xrefs: 00007FF67844EF0A

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: HandleModule$AddressEventFreeLibraryProcRegister
String ID: EventSetInformation$Google.Chrome$advapi32.dll$api-ms-win-eventing-provider-l1-1-0.dll
API String ID: 503842981-1037291142
Opcode ID: 5203d765c1b3c6ce74c7177325a9ed0f8130177b0da67d5c382d31bc43562c04
Instruction ID: 17333fc1636759f15b9dca1bf6e8e58afdf0f74de517903436f0a79016e409b9
Opcode Fuzzy Hash: 5203d765c1b3c6ce74c7177325a9ed0f8130177b0da67d5c382d31bc43562c04
Instruction Fuzzy Hash: 5931937362864292E7209F32F84027767E0FB98B94F604036DE8EC7655DE7CE9059308

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678471FB0, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 231
threadtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF678472083
GetLocalTime.KERNEL32(?,?,?,?,../../base/metrics/persistent_memory_allocator.cc,?,0000001A,00000002,00000000,?,00007FF678471FA0,?,?,?,?,00007FF67845802C), ref: 00007FF6784720C7

Part of subcall function 00007FF678472370: GetCurrentProcessId.KERNEL32(?,?,?,00000002,?,?,?,?,../../base/metrics/persistent_memory_allocator.cc,?,0000001A,00000002,00000000,?,00007FF678471FA0), ref: 00007FF678472378

GetTickCount.KERNEL32 ref: 00007FF678472309

Strings

)] , xrefs: 00007FF678472248
../../base/metrics/persistent_memory_allocator.cc, xrefs: 00007FF678471FB7
:.}z, xrefs: 00007FF678472206
UNKNOWN, xrefs: 00007FF67847235C
VERBOSE, xrefs: 00007FF678472334

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Current$CountLocalProcessThreadTickTime
String ID: )] $../../base/metrics/persistent_memory_allocator.cc$:.}z$UNKNOWN$VERBOSE
API String ID: 815555739-2990853121
Opcode ID: 340fb88e7c5677e5639c2b4a7106fa80327c833e5d8ac8219e08f29a14d73f8e
Instruction ID: 58d8911cabeed90b79959e900e2d9437d1b8ea689f5b457a1cae19a6af16e814
Opcode Fuzzy Hash: 340fb88e7c5677e5639c2b4a7106fa80327c833e5d8ac8219e08f29a14d73f8e
Instruction Fuzzy Hash: C6A1D523B2969290EB24DB32D4503B92F90EB85BD4F605131EE4E8779ADFBDE941C344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678472D60, Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 402
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6785FBA0C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6785FBA41

_Init_thread_header.LIBCMT ref: 00007FF67847317D
_Init_thread_footer.LIBCMT ref: 00007FF6784731A3
_Init_thread_header.LIBCMT ref: 00007FF6784731EC
_Init_thread_footer.LIBCMT ref: 00007FF678473212
OutputDebugStringA.KERNEL32 ref: 00007FF678473277

Strings

LogMessage, xrefs: 00007FF678473001

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header$DebugOutputString_invalid_parameter_noinfo
String ID: LogMessage
API String ID: 4218905995-3667181074
Opcode ID: c76e499b9e2a48991281515252df741ca3cfe58f585e3f10ce273769de79696c
Instruction ID: b68578751f8550d66632b7bbb067c587d66db5483b7ffa6dded4d0c318aba09a
Opcode Fuzzy Hash: c76e499b9e2a48991281515252df741ca3cfe58f585e3f10ce273769de79696c
Instruction Fuzzy Hash: B4128173A28A8695EA60DB32E4403FA7B60FF84794F644136DA8D83799DF7CE944C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845AA10, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 227fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 00007FF67845AAE1
GetLastError.KERNEL32 ref: 00007FF67845AAF0
PathMatchSpecW.SHLWAPI ref: 00007FF67845ABE1
FindClose.KERNEL32 ref: 00007FF67845ADA4

Strings

../../base/files/file_enumerator_win.cc, xrefs: 00007FF67845AA6D
Next, xrefs: 00007FF67845AA66

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Find$CloseErrorFileLastMatchNextPathSpec
String ID: ../../base/files/file_enumerator_win.cc$Next
API String ID: 4245483308-3065876524
Opcode ID: 2a3a7a6bbabb73f2de7de1c1b891d57eabbf5c3fd735a680fdacf3366e59b2a5
Instruction ID: 9de6b8fed7aaa8c2bab13f9ec2b2e57516680a74747f006c1db66b70c19668d5
Opcode Fuzzy Hash: 2a3a7a6bbabb73f2de7de1c1b891d57eabbf5c3fd735a680fdacf3366e59b2a5
Instruction Fuzzy Hash: 5BB1C333A28BC196EA55DB37A5443BE6BA0FB80790F604131DA5D83698DFBCE895C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67862D5BC, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF67862D4E3,?,?,00000000,00007FF67861D66E,?,?,?,00007FF6785FC801), ref: 00007FF67862D63F
GetLastError.KERNEL32(?,?,?,00007FF67862D4E3,?,?,00000000,00007FF67861D66E,?,?,?,00007FF6785FC801), ref: 00007FF67862D64D
LoadLibraryExW.KERNEL32(?,?,?,00007FF67862D4E3,?,?,00000000,00007FF67861D66E,?,?,?,00007FF6785FC801), ref: 00007FF67862D677
FreeLibrary.KERNEL32(?,?,?,00007FF67862D4E3,?,?,00000000,00007FF67861D66E,?,?,?,00007FF6785FC801), ref: 00007FF67862D6BD
GetProcAddress.KERNEL32(?,?,?,00007FF67862D4E3,?,?,00000000,00007FF67861D66E,?,?,?,00007FF6785FC801), ref: 00007FF67862D6C9

Strings

MZx, xrefs: 00007FF67862D5DA, 00007FF67862D688, 00007FF67862D6A6
api-ms-, xrefs: 00007FF67862D65F

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: MZx$api-ms-
API String ID: 2559590344-259127448
Opcode ID: 71ada8f358d02ead29026cb912da725e1c8cb6b1732d7800a02eb72b7ab10496
Instruction ID: 6eef1711a25639a0400262ae6dfba27c658cad611b98e1bdd8bc2b78bf66edb3
Opcode Fuzzy Hash: 71ada8f358d02ead29026cb912da725e1c8cb6b1732d7800a02eb72b7ab10496
Instruction Fuzzy Hash: 0D31DB23B2A656B5EE11DB22A808D362B94BF44FA4F690535EE1D87394DF3CE8509708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678463E90, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 98fileCOMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNEL32 ref: 00007FF678463F38
MapViewOfFile.KERNEL32 ref: 00007FF678463F72
GetLastError.KERNEL32 ref: 00007FF678463FCC
SetLastError.KERNEL32 ref: 00007FF67846400E

Strings

MapImageToMemory, xrefs: 00007FF678463ED0
../../base/files/memory_mapped_file_win.cc, xrefs: 00007FF678463ED7

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorFileLast$CreateMappingView
String ID: ../../base/files/memory_mapped_file_win.cc$MapImageToMemory
API String ID: 2231327692-1841746395
Opcode ID: 08a7db556a3c10e105ec49d07dd5e7d91e825dc245bcc314c1c273787b4faf5c
Instruction ID: 1eae56f25259ddae06d415d2d2f1c01a30bfc1600a0ca9f1704e0c9c221d998f
Opcode Fuzzy Hash: 08a7db556a3c10e105ec49d07dd5e7d91e825dc245bcc314c1c273787b4faf5c
Instruction Fuzzy Hash: 6741B232B28A8281FA24DF36E4197AA6BA1FF85744F644030DE4D83795EF7DD8468304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678462120, Relevance: 10.6, APIs: 7, Instructions: 83COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF678462189
GetVersionExW.KERNEL32 ref: 00007FF6784621BB
GetProductInfo.KERNEL32 ref: 00007FF6784621DD
_Init_thread_footer.LIBCMT ref: 00007FF678462238
_Init_thread_header.LIBCMT ref: 00007FF678462249

Part of subcall function 00007FF6785FA9CC: EnterCriticalSection.KERNEL32(?,?,?,00007FF678441193), ref: 00007FF6785FA9DC

GetNativeSystemInfo.KERNEL32 ref: 00007FF67846226D
_Init_thread_footer.LIBCMT ref: 00007FF67846229A

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: InfoInit_thread_footerInit_thread_header$CriticalEnterNativeProductSectionSystemVersion
String ID:
API String ID: 2554706446-0
Opcode ID: db59551796758aef8339bfecd3af1a8120c0dc5f310e32ea993116d87fb2ca49
Instruction ID: 86af2767fe8155c4210b6690d3261e4beca8b807af46b271d723294477cc09dc
Opcode Fuzzy Hash: db59551796758aef8339bfecd3af1a8120c0dc5f310e32ea993116d87fb2ca49
Instruction Fuzzy Hash: 5741AC37A28A42A5F610DB75E8516F63B60EF94758F304231EA5D832B4DF3CE9869708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67862EE5C, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF67862EE8D
GetLastError.KERNEL32 ref: 00007FF67862EE99
CloseHandle.KERNEL32 ref: 00007FF67862EEB1
CreateFileW.KERNEL32 ref: 00007FF67862EEDC
WriteConsoleW.KERNEL32 ref: 00007FF67862EEFB

Strings

CONOUT$, xrefs: 00007FF67862EEBD

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 200e98005cc5b26fcaf53fae46a40ceaa791268869de788c89697f15c96316b6
Instruction ID: 0c76e766f6f4bf4f6461f5af597febc5a13b67a9e1d2dec41cd2b96aefeaf465
Opcode Fuzzy Hash: 200e98005cc5b26fcaf53fae46a40ceaa791268869de788c89697f15c96316b6
Instruction Fuzzy Hash: 8A118422B28A5196E3508B62F84432A6BA4FB88FE4F244234E95DC7798DF7CDC549748

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784B6CA0, Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 342threadCOMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF6784B6CFB
GetCurrentThreadId.KERNEL32 ref: 00007FF6784B6D1A
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF6784B7147

Strings

(%.3f ms), xrefs: 00007FF6784B7065
E, xrefs: 00007FF6784B6D32

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread
String ID: (%.3f ms)$E
API String ID: 135963836-2157862799
Opcode ID: fb7039785d1faf0748187faa5342430243a67da46a7adc850560a78752b68343
Instruction ID: 84b85e9759adee14d25d63185c93cc33d635a507e17550c1f654d2e8d1c8ec99
Opcode Fuzzy Hash: fb7039785d1faf0748187faa5342430243a67da46a7adc850560a78752b68343
Instruction Fuzzy Hash: D5F18373A28B8295EA20DF36E4402AE7F60FB85B84F544136DA8C87B59DF7CE945C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678455460, Relevance: 9.1, APIs: 6, Instructions: 67COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF6784554C9
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF678455508
_Init_thread_header.LIBCMT ref: 00007FF67845552C
_Init_thread_footer.LIBCMT ref: 00007FF67845555D
_Init_thread_header.LIBCMT ref: 00007FF67845556E

Part of subcall function 00007FF6785FA9CC: EnterCriticalSection.KERNEL32(?,?,?,00007FF678441193), ref: 00007FF6785FA9DC

_Init_thread_footer.LIBCMT ref: 00007FF678455593

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveInit_thread_footerInit_thread_headerLock$AcquireCriticalEnterReleaseSection
String ID:
API String ID: 2670297682-0
Opcode ID: 2b1b95663567b4679be41cc96085dc80ed324a4614d68588524da94cd5bf9625
Instruction ID: 2ddfa41f5546e7365477eed73cf23e1f2805ffb166f2840a605e2d3ac25af718
Opcode Fuzzy Hash: 2b1b95663567b4679be41cc96085dc80ed324a4614d68588524da94cd5bf9625
Instruction Fuzzy Hash: 97312C22A38A02E5FA00DB35E89117A2FA0BF54768F714132E91DC72A5DF6CFD85D708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678460250, Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 313COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF67846075E
_Init_thread_footer.LIBCMT ref: 00007FF678460796

Strings

file, xrefs: 00007FF6784603C5
mailto, xrefs: 00007FF67846069E
filesystem, xrefs: 00007FF678460413

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: file$filesystem$mailto
API String ID: 4092853384-1079950657
Opcode ID: 8c4ed6a10ddcbc03fbc44a74deda5c7f9e6a35e8c232c60329385a2fff61775c
Instruction ID: 224dd9c270970dc85ac96f406faf5801157dc7d0c3aec4fa6dd4fff825a6eafa
Opcode Fuzzy Hash: 8c4ed6a10ddcbc03fbc44a74deda5c7f9e6a35e8c232c60329385a2fff61775c
Instruction Fuzzy Hash: F5E1D233728B8285E660DF22E9503AABB61FF85784F644131DA8C83799EF7CE945C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784656F0, Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 297COMMON

Download Yara Rule

Strings

file, xrefs: 00007FF678465943
mailto, xrefs: 00007FF678465B87
filesystem, xrefs: 00007FF67846598A

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID:
String ID: file$filesystem$mailto
API String ID: 0-1079950657
Opcode ID: 0d3cd47b2300dee697b17db10041e43efb2e324018197284b88153d30c7e8ca1
Instruction ID: 0f9afefadb3656f43f83c3dfd58a4ab29834e261d84e2123da0a951fea017aff
Opcode Fuzzy Hash: 0d3cd47b2300dee697b17db10041e43efb2e324018197284b88153d30c7e8ca1
Instruction Fuzzy Hash: 19E18E32A18BC191E6319F26E8442EAB7A0FB94B94F544135DF8C83799DF3CE956C708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784622B0, Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 292COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6784622FC
IsWow64Process.KERNEL32 ref: 00007FF678462312

Part of subcall function 00007FF678462860: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,00000000,00007FF67846239B), ref: 00007FF678462896

Part of subcall function 00007FF6784628E0: RegQueryValueExW.ADVAPI32(?,?,?,?,?,?,?,00000000,00007FF6784623BF), ref: 00007FF678462927

Part of subcall function 00007FF678462970: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00007FF6784623D9), ref: 00007FF6784629DF

Part of subcall function 00007FF678462810: RegCloseKey.ADVAPI32(?,?,00000000,00007FF678462439), ref: 00007FF678462820

Strings

UBR, xrefs: 00007FF6784623A3
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00007FF67846237F
ReleaseId, xrefs: 00007FF6784623BF

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ProcessQueryValue$CloseCurrentOpenWow64
String ID: ReleaseId$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR
API String ID: 1114400673-4060060583
Opcode ID: 01f557aa9e8e12b6efe7467d787009f93fe75a4aca7818066552dc95a57331aa
Instruction ID: 1c73ce6732f77578ddac3d546813ab71bbb88489468ff5bdb46040b7e9bc942b
Opcode Fuzzy Hash: 01f557aa9e8e12b6efe7467d787009f93fe75a4aca7818066552dc95a57331aa
Instruction Fuzzy Hash: 53D1B633B28652A6E7748B26D45437A7BA0FB44754F204135DB8E83798EFBCE894C706

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845CA30, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 00007FF67845CB02
GetLastError.KERNEL32 ref: 00007FF67845CB4F

Strings

Read, xrefs: 00007FF67845CA85
File::Read, xrefs: 00007FF67845CB6C
../../base/files/file_win.cc, xrefs: 00007FF67845CA8C

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorFileLastRead
String ID: ../../base/files/file_win.cc$File::Read$Read
API String ID: 1948546556-1732825555
Opcode ID: 49aa987d1da79e4b2f05f5b0128a09bfb7beb3f5bf9a8f75f61023bdab74b345
Instruction ID: 9c4148c15e0275d37bd50f77e15490f277e83aa44c60ef4bd4d7612ba52aa6a7
Opcode Fuzzy Hash: 49aa987d1da79e4b2f05f5b0128a09bfb7beb3f5bf9a8f75f61023bdab74b345
Instruction Fuzzy Hash: 60311722A2CA95A1F6218F36F4017FAA760FF947A4F105131ED4C83694EF7DDA86C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67860A53C, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF67860A558
GetProcAddress.KERNEL32 ref: 00007FF67860A56E
FreeLibrary.KERNEL32 ref: 00007FF67860A58B

Strings

CorExitProcess, xrefs: 00007FF67860A567
mscoree.dll, xrefs: 00007FF67860A54F

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: d5217012137aa3b51be252bf37fdbbf001c0c652f9a674c1b7ad6db8ddfd84fe
Instruction ID: 5b1dfb4aea7a5e7802761bdc6c8f5f6d9323cdf74b5f555622effbb61f602cb6
Opcode Fuzzy Hash: d5217012137aa3b51be252bf37fdbbf001c0c652f9a674c1b7ad6db8ddfd84fe
Instruction Fuzzy Hash: 92F054A2B39A02A1EF554B71D88477A1B61FF44B81F241039D44FC6564CE3CDD48E319

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678613B94, Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF678613BD6
GetConsoleMode.KERNEL32(?,?,?,?,?,00000000,?,?,00000000,00000000,?,00007FF6785FC54F,?,?,?,00000000), ref: 00007FF678613C94
GetLastError.KERNEL32(?,?,?,?,?,00000000,?,?,00000000,00000000,?,00007FF6785FC54F,?,?,?,00000000), ref: 00007FF678613D1E

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
String ID:
API String ID: 2210144848-0
Opcode ID: 85c47f320996bcfcf724e0a9ed2f5a1aa9b7b3f056c4ecb9df9c22e0be72dbe8
Instruction ID: 7bf7a0f2d6164760d92d151f8787e2839c7a1d87c9e81df557f06be1bb6d0000
Opcode Fuzzy Hash: 85c47f320996bcfcf724e0a9ed2f5a1aa9b7b3f056c4ecb9df9c22e0be72dbe8
Instruction Fuzzy Hash: FB81BF23E38612A9FB509B7599402BE2E61BB54B84F640136DE0F93796DF3CAC45E318

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678448B00, Relevance: 7.7, APIs: 5, Instructions: 168threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF678448DE0: TlsGetValue.KERNEL32 ref: 00007FF678448DEE

GetCurrentThreadId.KERNEL32 ref: 00007FF678448B56
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF678448BFC
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF678448C7D
_Init_thread_header.LIBCMT ref: 00007FF678448C96
_Init_thread_footer.LIBCMT ref: 00007FF678448CD4

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentInit_thread_footerInit_thread_headerReleaseThreadValue
String ID:
API String ID: 2678241846-0
Opcode ID: cbfb6b26712b1a77e647cc19d9e94ac36312c5d999cfd2e175a9e348c4d3df76
Instruction ID: 339d949357a487c1264109bf932b3e294f43b6cf29e2da6d9081f455465cb2ba
Opcode Fuzzy Hash: cbfb6b26712b1a77e647cc19d9e94ac36312c5d999cfd2e175a9e348c4d3df76
Instruction Fuzzy Hash: 8371B263A29A4291FA509F32E4503BA6B90BFD4B94F604031EE8D83799DF7CEC45C308

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845CE00, Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

_Init_thread_footer.LIBCMT ref: 00007FF67845CE65

Part of subcall function 00007FF6785FAEE8: EnterCriticalSection.KERNEL32(?,?,?,00007FF6784411D0), ref: 00007FF6785FAEF8
Part of subcall function 00007FF6785FAEE8: LeaveCriticalSection.KERNEL32(?,?,?,00007FF6784411D0), ref: 00007FF6785FAF38

_Init_thread_header.LIBCMT ref: 00007FF67845CE34

Part of subcall function 00007FF6785FA9CC: EnterCriticalSection.KERNEL32(?,?,?,00007FF678441193), ref: 00007FF6785FA9DC

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF67845CDF2,?,?,?,?,00007FF67845CD7D,?,?,?,00007FF67845CD61), ref: 00007FF67845CE74
_Init_thread_header.LIBCMT ref: 00007FF67845CF05
_Init_thread_footer.LIBCMT ref: 00007FF67845CF36

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: CriticalSection$EnterInit_thread_footerInit_thread_header$AcquireExclusiveLeaveLock
String ID:
API String ID: 2014417079-0
Opcode ID: 726625e52865b2dd256acbf65976c0255f6e4dbd56c17ca97d286df2337c8621
Instruction ID: 38d971a3b7ea0d3871e8b05e616a2eadbf9fe398b8e0ee403a1d8ca5a314f532
Opcode Fuzzy Hash: 726625e52865b2dd256acbf65976c0255f6e4dbd56c17ca97d286df2337c8621
Instruction Fuzzy Hash: 66419423D2964391FA50EB36E9903BA2B50AF58760F305231D94DC32A6CF3CBCC58749

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67847CA90, Relevance: 7.5, APIs: 5, Instructions: 41threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00007FF67847CAA8
SetThreadPriority.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FF67847CABD

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Thread$CurrentPriority
String ID:
API String ID: 1343868529-0
Opcode ID: 06d7487e3b26f9ebcc9a8da175151be1689f3685a130f77ba68dee661049b67b
Instruction ID: eda62e5ea22359b518a7472f3f900f3035bcd23a56c9f8506769f60616f339bd
Opcode Fuzzy Hash: 06d7487e3b26f9ebcc9a8da175151be1689f3685a130f77ba68dee661049b67b
Instruction Fuzzy Hash: 7D01A727F2965292FA219736A84027A2E51DF95FB6F704130C91DC2398DD7CEC879309

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784CA5F0, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF6784CA662
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF6784CA68A

Strings

process-, xrefs: 00007FF6784CA7EC
ss-phase, xrefs: 00007FF6784CA7F9

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: process-$ss-phase
API String ID: 17069307-1645460407
Opcode ID: c51f34acf62aed795c61c24908c2fe8ce9fff0575cf0f818750eaec6c8436dbf
Instruction ID: 01bd6f7cf0c4655a86874bb4280d8415bf306dcc91a83f1360ed93e11fac3f44
Opcode Fuzzy Hash: c51f34acf62aed795c61c24908c2fe8ce9fff0575cf0f818750eaec6c8436dbf
Instruction Fuzzy Hash: 82919163B28A8191EA209B27E4007BA7BA5BF94784F604531DE4D8774ADF7CE946C708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678451120, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 160synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF678451254

Part of subcall function 00007FF678448700: QueryPerformanceCounter.KERNEL32 ref: 00007FF678448738

WaitForSingleObject.KERNEL32 ref: 00007FF67845137C

Strings

../../base/synchronization/waitable_event_win.cc, xrefs: 00007FF6784512FE
TimedWait, xrefs: 00007FF6784512F7

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ObjectSingleWait$CounterPerformanceQuery
String ID: ../../base/synchronization/waitable_event_win.cc$TimedWait
API String ID: 2161673850-3163266676
Opcode ID: 3bd7b20a7146d1ced4f91fbe29b07996ca8ff9ca8cfac475a71556cf4bdd55c2
Instruction ID: 5411ab54d3fe288092a6c093ee0d6eeb890098badf6c9f98735742138c9c6ba4
Opcode Fuzzy Hash: 3bd7b20a7146d1ced4f91fbe29b07996ca8ff9ca8cfac475a71556cf4bdd55c2
Instruction Fuzzy Hash: BC510823A2D7C551FB209736D4153BEABA0AF847A4F640131EA5EC66D9EFACD8C5C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6784B4610, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 141COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,?), ref: 00007FF6784B464E
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,?), ref: 00007FF6784B46B3

Part of subcall function 00007FF6784CA5F0: TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF6784CA662
Part of subcall function 00007FF6784CA5F0: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF6784CA68A

Strings

RecordProcessExit, xrefs: 00007FF6784B474D
../../base/debug/activity_tracker.cc, xrefs: 00007FF6784B4754

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ../../base/debug/activity_tracker.cc$RecordProcessExit
API String ID: 17069307-2038026062
Opcode ID: 2e10945d989788760cd59ea5e87e47262259327bfeb62ce25026cf66961e3e6f
Instruction ID: a8400ef472603b60c9be83efaaf6fda21d64b9a458cba44c03ac44c6b24f1690
Opcode Fuzzy Hash: 2e10945d989788760cd59ea5e87e47262259327bfeb62ce25026cf66961e3e6f
Instruction Fuzzy Hash: 3251D523A19B8185EB118F32A4003AD6BA0FF88B94F644231EE4D57799DF7CE986C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678481CB0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 103COMMON

Download Yara Rule

APIs

GetProcessId.KERNEL32 ref: 00007FF678481CBB
GetLastError.KERNEL32 ref: 00007FF678481CCA

Strings

../../third_party/protobuf/src/google/protobuf/message_lite.cc, xrefs: 00007FF678481D1F
exceeded maximum protobuf size of 2GB: , xrefs: 00007FF678481D5A

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorLastProcess
String ID: exceeded maximum protobuf size of 2GB: $../../third_party/protobuf/src/google/protobuf/message_lite.cc
API String ID: 725227012-1697531602
Opcode ID: 620c42bf5482f64ed4fffd6693878b533687aa825ff17e3bc0480e6171f3a4fa
Instruction ID: 4becf519b83e501bdc0e88b6b3be097eafc160df71718b91b7a6ac07a25f3ce6
Opcode Fuzzy Hash: 620c42bf5482f64ed4fffd6693878b533687aa825ff17e3bc0480e6171f3a4fa
Instruction Fuzzy Hash: 84310523F28A5241FE04AB37D8543B95BA1AF48FD4F644032DE0E87B9ADE6CED458744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67844FA30, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF67844FAD3
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF67844FAE3
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF67844FB4F

Part of subcall function 00007FF678447770: AcquireSRWLockExclusive.KERNEL32 ref: 00007FF6784477BB

Strings

ThreadLocalEventBuffer, xrefs: 00007FF67844FAB4

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$Acquire$CurrentReleaseThread
String ID: ThreadLocalEventBuffer
API String ID: 1385397084-137470936
Opcode ID: c42eaf5a1d24f71cad83205fcbf9eb08fa98169227716cd318babd44d42e0ca5
Instruction ID: 5bf45fafa493a3e7b90a963ecb504f80823b4f6d6cee0058bfef2d8d46d66e93
Opcode Fuzzy Hash: c42eaf5a1d24f71cad83205fcbf9eb08fa98169227716cd318babd44d42e0ca5
Instruction Fuzzy Hash: B241C173A28B4691EA01DF22E4101AA7BA0FF84B90F744132EA4D837A9DE7CD946C744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678459F60, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 84threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF67845A01C
GetCurrentThreadId.KERNEL32 ref: 00007FF678459FBC

Part of subcall function 00007FF678448700: QueryPerformanceCounter.KERNEL32 ref: 00007FF678448738

Strings

ScopedMayLoadLibraryAtBackgroundPriority, xrefs: 00007FF67845A006
ScopedMayLoadLibraryAtBackgroundPriority : Priority Increased, xrefs: 00007FF67845A066

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: CurrentThread$CounterPerformanceQuery
String ID: ScopedMayLoadLibraryAtBackgroundPriority$ScopedMayLoadLibraryAtBackgroundPriority : Priority Increased
API String ID: 1058255813-3597462364
Opcode ID: 33691f4dd2af279f945ba9eb9e194bcc3f24d93b021e9b4f13aee846f70f8848
Instruction ID: 2dfcd36bc625f3233aaa734ffe37786f8e6d18d339ee51fef5bcdc21f37594a5
Opcode Fuzzy Hash: 33691f4dd2af279f945ba9eb9e194bcc3f24d93b021e9b4f13aee846f70f8848
Instruction Fuzzy Hash: BF31A23392C78685F6609F31B8503AA7FE0EB95798F340135EA8D83659DFBCD8818744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678463D20, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 62COMMON

Download Yara Rule

APIs

GetFileSizeEx.KERNEL32 ref: 00007FF678463DC3

Strings

File::GetLength, xrefs: 00007FF678463E0E
GetLength, xrefs: 00007FF678463D66
../../base/files/file_win.cc, xrefs: 00007FF678463D6D

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: FileSize
String ID: ../../base/files/file_win.cc$File::GetLength$GetLength
API String ID: 3433856609-2366038222
Opcode ID: 00ef676b29c65b816474247974fd02d5be3960de0b164f5761997ff44cacd0f5
Instruction ID: a7793fcc9752cb198b81b860664bf2cb7493e9e70c243a8be36807515235a0b8
Opcode Fuzzy Hash: 00ef676b29c65b816474247974fd02d5be3960de0b164f5761997ff44cacd0f5
Instruction Fuzzy Hash: FA21D732A2CAC6A1FA205B39E5017FBA7A0FF94784F502130E94D43B59DF2DDA46C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678450980, Relevance: 6.1, APIs: 4, Instructions: 107COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF678450990
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF678450A03
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF678450A83
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF678450B01

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: 7d94de32b9e1023d742330d1abab8d32fff6e2e9fc88390b97018b2b840cce8b
Instruction ID: 1522a67854b5a55953053830d5b57fe63239f5c077d185efc5bf2c9071ca4c93
Opcode Fuzzy Hash: 7d94de32b9e1023d742330d1abab8d32fff6e2e9fc88390b97018b2b840cce8b
Instruction Fuzzy Hash: A5415C37A18B1292EA58DF26D15436D2BA0FB98F94F144031CF4D87B49DF7CE9A18748

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678479710, Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF678479759
_Init_thread_footer.LIBCMT ref: 00007FF6784797AF
_Init_thread_header.LIBCMT ref: 00007FF6784797BD

Part of subcall function 00007FF6785FA9CC: EnterCriticalSection.KERNEL32(?,?,?,00007FF678441193), ref: 00007FF6785FA9DC

_Init_thread_footer.LIBCMT ref: 00007FF6784797FB

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header$CriticalEnterSection
String ID:
API String ID: 371409586-0
Opcode ID: a08775a739f19f016e88a62a39ad56b3d14761879f02b6b4a6d417625c82a873
Instruction ID: 5d1d9b0af0599e43bbc2b7051226c16d92e2d65ff980621feb939e25c8423ec0
Opcode Fuzzy Hash: a08775a739f19f016e88a62a39ad56b3d14761879f02b6b4a6d417625c82a873
Instruction Fuzzy Hash: D621C237929A42E9F651EB36EC801B53F60AB55768F700231E56D822A5CF2CAC45D70C

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67849A8C0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6785FC44C: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6786212C7,?,?,?,00007FF6786013D7,?,?,00000000,00007FF67860ED61), ref: 00007FF6785FC472

__std_exception_destroy.LIBVCRUNTIME ref: 00007FF67849AA79

Strings

... (message truncated), xrefs: 00007FF67849A9B6
[%s : %d] RAW: , xrefs: 00007FF67849A930

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: FeaturePresentProcessor__std_exception_destroy
String ID: ... (message truncated)$[%s : %d] RAW:
API String ID: 2848415949-3262997248
Opcode ID: c99dfeebc60fd981a9b69016e4f4d7efb52395372792bb2f51eeaaf98dc937cd
Instruction ID: 1ca0fda6066de4411e452a8232b3c03aaaba55aad4050c3e2d1be1f18f5170b9
Opcode Fuzzy Hash: c99dfeebc60fd981a9b69016e4f4d7efb52395372792bb2f51eeaaf98dc937cd
Instruction Fuzzy Hash: 2241F373A2864191EB11DB36E5006EE7B60FB85794F604536EE8C87B99DF3CD90ACB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678461D80, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108timeCOMMON

Download Yara Rule

APIs

SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF678482165), ref: 00007FF678461EB2
TzSpecificLocalTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF678482165), ref: 00007FF678461F0D

Strings

gfffffff, xrefs: 00007FF678461EBC

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Time$System$FileLocalSpecific
String ID: gfffffff
API String ID: 1707611234-1523873471
Opcode ID: 6ce5b1706f1e8fff764b2917c86a5b9c1252b82106e78ebcb1a497e6d27e0f60
Instruction ID: 20ea4cd20235d718531e3bfabfa8d16f583c29eee247d3ed55a7dfebbc8cf865
Opcode Fuzzy Hash: 6ce5b1706f1e8fff764b2917c86a5b9c1252b82106e78ebcb1a497e6d27e0f60
Instruction Fuzzy Hash: CC415933F1428346EB258B1AE04027EA7B2AF84790F265131F94D97A98EF7CDC858745

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678614584, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF67861469B
GetLastError.KERNEL32 ref: 00007FF6786146BD

Strings

U, xrefs: 00007FF678614647

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 5bfb2bf3ab4f80f4572a783bc050a2d3713d93ac2a5fbfed21bb674b10612ed4
Instruction ID: ae8dff28f238f45451637af503934907a797f923314596ac0f3d421b9c811a1a
Opcode Fuzzy Hash: 5bfb2bf3ab4f80f4572a783bc050a2d3713d93ac2a5fbfed21bb674b10612ed4
Instruction Fuzzy Hash: 1441C323B29A4191DB608F25E4447AA7BA1FB98784F604131EE4DC7759EF3CD801D744

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678453230, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF67845334F
_Init_thread_footer.LIBCMT ref: 00007FF67845339B

Strings

, xrefs: 00007FF678453282

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID:
API String ID: 4092853384-3916222277
Opcode ID: 66260a08c5a9780a32afd3a3c4fc1e83d9e7c2277d218140d3713d8e196d1580
Instruction ID: 0a4317fbe0cdbbec81f96aed815b9be65c11049c04d4e7e0907dcfb742d83141
Opcode Fuzzy Hash: 66260a08c5a9780a32afd3a3c4fc1e83d9e7c2277d218140d3713d8e196d1580
Instruction Fuzzy Hash: 3D41E932928B8191F6118B35E4403BA6FA0FF95768F200335EA9D866A5DF7CE981C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6785FAC6C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6785FAD91

Strings

\u%04X, xrefs: 00007FF6785FAC7B

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: \u%04X
API String ID: 3215553584-2527172157
Opcode ID: 3398f65c054bb81cfe214c6645f946c1356efa0dba2ea01fc71f0204dd730d1c
Instruction ID: 1c529cfc3dfbbdb8813bf4f109768f25cd1c24d7c0e0c9c573a442aa348b80af
Opcode Fuzzy Hash: 3398f65c054bb81cfe214c6645f946c1356efa0dba2ea01fc71f0204dd730d1c
Instruction Fuzzy Hash: E731862392C74286FAA65A72940026D7F51AF757B8F345271EE6DC37D5CE3CDC408A0A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845CC30, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF67845CCFF
_Init_thread_footer.LIBCMT ref: 00007FF67845CD1F

Strings

../../base/synchronization/waitable_event_win.cc, xrefs: 00007FF67845CC34

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: ../../base/synchronization/waitable_event_win.cc
API String ID: 4092853384-2389956784
Opcode ID: e22306ca4eeac26b7aa09de41077d4ac4992f2b38023570bf1a2ab8afb81af81
Instruction ID: 245eef4efa4396bfb59c87fb8e8e079b0b6b5030a886243958b223081ce5d6bd
Opcode Fuzzy Hash: e22306ca4eeac26b7aa09de41077d4ac4992f2b38023570bf1a2ab8afb81af81
Instruction Fuzzy Hash: 0A21D833F2964641EA21DB26D85067C2B52BB90BB8F694331CD2D833E5CF79EC859704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678621E88, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF678621EC1
LCMapStringW.KERNEL32 ref: 00007FF678621F49

Strings

LCMapStringEx, xrefs: 00007FF678621EB5

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Stringtry_get_function
String ID: LCMapStringEx
API String ID: 2588686239-3893581201
Opcode ID: fb0808d06c8b82d55540e40602268484accd62fb061bd59c05cde3bc9e4f2106
Instruction ID: 16228a6af511339732392d521299f809c9d1e4a6592853718ef731731b60775c
Opcode Fuzzy Hash: fb0808d06c8b82d55540e40602268484accd62fb061bd59c05cde3bc9e4f2106
Instruction Fuzzy Hash: 0C113E32A1CB8196D760CB55B4402AABBA5FBC8B90F644136EE9D83B59DF3CD500CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6785FC814, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6785FD943), ref: 00007FF6785FC858
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6785FD943), ref: 00007FF6785FC89E

Strings

csm, xrefs: 00007FF6785FC88B

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 9e141bd6b3d73b0408facc9fc54446b038cf341a693d94c001810cce70a058b7
Instruction ID: 92d79283419efeb06ac11156bf84e08b1ba5b29e7d6bbd55c862847e27c2c62a
Opcode Fuzzy Hash: 9e141bd6b3d73b0408facc9fc54446b038cf341a693d94c001810cce70a058b7
Instruction Fuzzy Hash: BA113D33A18B9182EB618B25E44026A7BA0FB98B94F284635DE8D47754EF3CD951CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF67845CDA0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,00007FF67845CD7D,?,?,?,00007FF67845CD61,?,?,?,00007FF67844BBE0), ref: 00007FF67845CDBC
GetProcAddress.KERNEL32(?,?,?,?,00007FF67845CD7D,?,?,?,00007FF67845CD61,?,?,?,00007FF67844BBE0), ref: 00007FF67845CDCC

Strings

GetHandleVerifier, xrefs: 00007FF67845CDC2

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: adb3142bcd73695f6fefe15a5db535181d4135b2c01cb36698e4306a01246c79
Instruction ID: 25e14798aae91375029814ef53c6df41eb320ddfeae87910e81e29e9bd1a641d
Opcode Fuzzy Hash: adb3142bcd73695f6fefe15a5db535181d4135b2c01cb36698e4306a01246c79
Instruction Fuzzy Hash: 0BF0A422A2E60391EE78573698952BA1E91AF44714E64403AC40FC1298DDACA9D9A369

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678457DD0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF678457E08
_Init_thread_footer.LIBCMT ref: 00007FF678457E3E

Strings

dummy_histogram, xrefs: 00007FF678457E1D

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: dummy_histogram
API String ID: 4092853384-2199933292
Opcode ID: b7c32951601d214ab9d2fa99582d44ae8bbb11bde951dd9b543ad471460d2bd0
Instruction ID: b68188aead5462b30a893e57b223550cac9f6b36db56f438d3898d48a7a62a16
Opcode Fuzzy Hash: b7c32951601d214ab9d2fa99582d44ae8bbb11bde951dd9b543ad471460d2bd0
Instruction Fuzzy Hash: 36F0BF66938A02A5F944EB36E8901B62F61BB50358FB00232C50DC21A6DE2DBD85DB49

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678621B2C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF678621B55
TlsSetValue.KERNEL32(?,?,?,00007FF6786213BA,?,?,?,00007FF6785FAC55,?,?,?,?,00007FF678620846,?,?,00000000), ref: 00007FF678621B6C

Strings

FlsSetValue, xrefs: 00007FF678621B42

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: Valuetry_get_function
String ID: FlsSetValue
API String ID: 738293619-3750699315
Opcode ID: 09bede00fb570003e0edc4f71b52004598ee0e80bfd2ab2b22c957ca4048bb64
Instruction ID: 4f18dd20f29b769ede933a134c591920398f26f194809ff3d8cc65bb9db596c2
Opcode Fuzzy Hash: 09bede00fb570003e0edc4f71b52004598ee0e80bfd2ab2b22c957ca4048bb64
Instruction Fuzzy Hash: A1E06563E2C546A2EA149B71E8005BB2A23BF48B80FB84076D51D86394DE3CED44E708

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF678459C90, Relevance: 5.1, APIs: 4, Instructions: 96COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF678459D35
SetLastError.KERNEL32 ref: 00007FF678459D71
GetLastError.KERNEL32 ref: 00007FF678459D80
SetLastError.KERNEL32 ref: 00007FF678459DC0

Memory Dump Source

Source File: 00000005.00000002.748326147.00007FF678441000.00000020.00020000.sdmp, Offset: 00007FF678440000, based on PE: true

Associated: 00000005.00000002.748310788.00007FF678440000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749114542.00007FF678630000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749439548.00007FF6786B7000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749461287.00007FF6786B8000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749479455.00007FF6786B9000.00000008.00020000.sdmp Download File
Associated: 00000005.00000002.749500642.00007FF6786BA000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749524422.00007FF6786C1000.00000004.00020000.sdmp Download File
Associated: 00000005.00000002.749552860.00007FF6786C4000.00000002.00020000.sdmp Download File
Associated: 00000005.00000002.749622259.00007FF6786D8000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff678440000_setup.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 5eec425da3c854d1f9f291ec0e8397312683bc26fdcb4173e560562c4e9ea808
Instruction ID: f2d7024ec5ec6086a426b31e5f65dacfae3a0f3f9b6f351e0b49de12ad46351a
Opcode Fuzzy Hash: 5eec425da3c854d1f9f291ec0e8397312683bc26fdcb4173e560562c4e9ea808
Instruction Fuzzy Hash: A9411F33628B4286EB24AF32F45536E6AA1EB41744F204431CB4E8779DDFBCE8848354

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: setdf.exe PID: 7108 Parent PID: 3028 setdf.exeCOMMON

Execution Graph

Execution Coverage:	18.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.5%
Total number of Nodes:	424
Total number of Limit Nodes:	8

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 004026A0, Relevance: 30.1, APIs: 14, Strings: 3, Instructions: 342
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegDeleteKeyA.ADVAPI32 ref: 004026EC
RegCreateKeyExA.KERNELBASE ref: 0040273A
puts.MSVCRT ref: 00402752

Part of subcall function 00402570: RegOpenKeyExA.KERNELBASE ref: 0040259D
Part of subcall function 00402570: RegQueryInfoKeyA.ADVAPI32 ref: 0040260E
Part of subcall function 00402570: FileTimeToSystemTime.KERNEL32 ref: 0040261E
Part of subcall function 00402570: SystemTimeToFileTime.KERNEL32 ref: 0040263A
Part of subcall function 00402570: RegCloseKey.ADVAPI32 ref: 00402673

Part of subcall function 004023C0: GetCurrentProcess.KERNEL32 ref: 004023F4
Part of subcall function 004023C0: OpenProcessToken.ADVAPI32 ref: 0040240F
Part of subcall function 004023C0: GetTokenInformation.KERNELBASE ref: 00402453
Part of subcall function 004023C0: GetTokenInformation.KERNELBASE ref: 00402485
Part of subcall function 004023C0: LookupAccountSidA.ADVAPI32 ref: 004024D1
Part of subcall function 004023C0: ConvertSidToStringSidA.ADVAPI32 ref: 004024E7

mbstowcs.MSVCRT ref: 004027CA
wcslen.MSVCRT ref: 004027D2
_wcslwr.MSVCRT ref: 004027DE
malloc.MSVCRT ref: 00402889
RegCloseKey.ADVAPI32 ref: 00402AA9

Strings

0a@, xrefs: 00402783
=, xrefs: 00402C31
)a@, xrefs: 00402ACA

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: Time$Token$CloseFileInformationOpenProcessSystem$AccountConvertCreateCurrentDeleteInfoLookupQueryString_wcslwrmallocmbstowcsputswcslen
String ID: )a@$0a@$=
API String ID: 2028010961-4153260733
Opcode ID: ce86d3fdc78952b22e439a4c96b1ae5e955405be6ee3e19da6602756ced6dca5
Instruction ID: 03ac7914e9e341511ab39a6dce87a521f23f3c8702bda7c9c9967043098b55c2
Opcode Fuzzy Hash: ce86d3fdc78952b22e439a4c96b1ae5e955405be6ee3e19da6602756ced6dca5
Instruction Fuzzy Hash: C9F153719093688BEB25DF29C98479DFBF0AF44304F0486EED489A7381DB749A88CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00401179, Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 207
sleepstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 26%

			E00401179() {
				void* _v16;
				signed int _v48;
				void* _v52;
				char _v96;
				void* _v112;
				void* _v113;
				signed int _v116;
				signed int _v120;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t46;
				signed int _t48;
				intOrPtr* _t54;
				_Unknown_base(*)()* _t56;
				signed char* _t60;
				signed int _t61;
				signed int _t62;
				void* _t63;
				void* _t64;
				signed int _t70;
				void* _t74;
				intOrPtr _t83;
				signed int _t84;
				signed int _t86;
				signed int _t93;
				signed int _t94;
				struct _STARTUPINFOA* _t95;
				signed int _t99;
				signed int _t100;
				signed int _t101;
				void* _t104;
				void* _t106;
				void* _t110;
				signed int _t112;
				void* _t113;
				void* _t115;
				signed int _t119;
				signed int* _t120;

				while(1) {
					L1:
					_push(_t113);
					_t113 = _t115;
					_push(_t101);
					_push(_t106);
					_t95 =  &_v96;
					memset(_t95, 0, 0x11 << 2);
					_t46 = E00404200(0x30, _t82);
					_t48 =  &_v113 & 0xfffffff0;
					 *_t48 = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 4)) = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 8)) = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 0xc)) = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 0x10)) = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 0x14)) = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 0x18)) = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 0x1c)) = 0xcccccccc;
					_t119 = _t115 - 0x0000007c + 0xc - _t46 & 0xfffffff0;
					if( *0x407054 != 0) {
						GetStartupInfoA(_t95);
						_t119 = _t119 - 4;
					}
					_t83 =  *((intOrPtr*)( *[fs:0x18] + 4));
					_t104 = Sleep;
					while(1) {
						asm("lock cmpxchg [0x4073f8], ebx");
						if(0 == 0) {
							break;
						}
						if(0 == _t83) {
							_t84 = 1;
							if( *0x4073fc != 1) {
								L7:
								if( *0x4073fc == 0) {
									 *0x4073fc = 1;
									_v136 = 0x409018;
									_v140 = 0x40900c;
									L00404298();
								} else {
									 *0x407004 = 1;
								}
								if( *0x4073fc == 1) {
									goto L36;
								} else {
									goto L10;
								}
							} else {
								L35:
								_v140 = 0x1f;
								L00404290();
								if( *0x4073fc != 1) {
									L10:
									if(_t84 == 0) {
										goto L37;
									}
								} else {
									L36:
									_v136 = 0x409008;
									_v140 = 0x409000;
									L00404298();
									 *0x4073fc = 2;
									if(_t84 == 0) {
										L37:
										_t41 = _t84;
										_t84 =  *0x4073f8;
										 *0x4073f8 = _t41;
									}
								}
							}
							L42:
						} else {
							Sleep(0x3e8);
							_t119 = _t119 - 4;
							continue;
						}
						L11:
						_t54 =  *0x406a40; // 0x403140
						if(_t54 != 0) {
							_v132 = 0;
							_v136 = 2;
							_v140 = 0;
							 *_t54();
							_t119 = _t119 - 0xc;
						}
						E004037A0(_t84, _t104, 0);
						_v140 = E004032E0; // executed
						_t56 = SetUnhandledExceptionFilter(??); // executed
						_t120 = _t119 - 4;
						 *0x407064 = _t56;
						 *_t120 = 0x401000;
						E00403A80(E00404260());
						 *0x4073ec = 0x400000;
						_t60 =  *_acmdln;
						if(_acmdln != 0) {
							_t94 = 0;
							while(1) {
								_t99 =  *_t60 & 0x000000ff;
								if(_t99 <= 0x20) {
									goto L15;
								}
								L20:
								_t94 =  ==  ? _t94 ^ 0x00000001 : _t94;
								L18:
								_t60 =  &(_t60[1]);
								_t99 =  *_t60 & 0x000000ff;
								if(_t99 <= 0x20) {
									goto L15;
								}
								goto L24;
								L15:
								if(_t99 != 0) {
									if(_t94 == 0) {
										while(1) {
											_t60 =  &(_t60[1]);
											_t100 =  *_t60 & 0x000000ff;
											if(_t100 > 0x20) {
												goto L23;
											}
											if(_t100 != 0) {
												continue;
											}
											goto L23;
										}
									} else {
										_t94 = 1;
										goto L18;
									}
								}
								L23:
								 *0x4073e8 = _t60;
								goto L24;
							}
						}
						L24:
						_t82 =  *0x407054;
						if( *0x407054 != 0) {
							_t78 =  !=  ? _v48 & 0x0000ffff : 0xa;
							 *0x405000 =  !=  ? _v48 & 0x0000ffff : 0xa;
						}
						_t61 =  *0x40701c;
						_v116 = _t61;
						_t62 = 4 + _t61 * 4;
						_v120 = _t62;
						 *_t120 = _t62;
						_t63 = malloc(??);
						_t101 =  *0x407018;
						_v112 = _t63;
						if(_t61 <= 0) {
							_t64 = 0;
						} else {
							_t86 = 0;
							_t112 = _t101;
							do {
								 *_t120 =  *(_t112 + _t86 * 4);
								_t25 = strlen(??) + 1; // 0x1
								_t101 = _t25;
								 *_t120 = _t101;
								_t74 = malloc(??);
								 *(_v112 + _t86 * 4) = _t74;
								_t93 =  *(_t112 + _t86 * 4);
								_t86 = _t86 + 1;
								_v136 = _t101;
								 *_t120 = _t74;
								_v140 = _t93;
								memcpy(??, ??, ??);
							} while (_t86 != _v116);
							_t64 = _v120 - 4;
						}
						_t110 = _v112;
						 *((intOrPtr*)(_t110 + _t64)) = 0;
						 *0x407018 = _t110;
						E00403B10();
						 *__imp____initenv =  *0x407014;
						_v136 =  *0x407014;
						_v140 =  *0x407018;
						 *_t120 =  *0x40701c; // executed
						_t70 = E00404380(); // executed
						 *0x40700c = _t70;
						if( *0x407008 == 0) {
							 *_t120 = _t70;
							exit(??); // executed
							_t106 = _t110;
							 *0x407054 = 1;
							E00403B30();
							_t115 = _t120 - 0xc + 0xc;
							goto L1;
						}
						if( *0x407004 == 0) {
							L00404288();
							_t70 =  *0x40700c;
						}
						return _t70;
						goto L42;
					}
					_t84 = 0;
					if( *0x4073fc == 1) {
						goto L35;
					} else {
						goto L7;
					}
					goto L11;
				}
			}

0x00401180
0x00401180
0x00401180
0x00401183
0x0040118a
0x0040118b
0x0040118c
0x00401195
0x00401199
0x004011a4
0x004011a7
0x004011ad
0x004011b4
0x004011bb
0x004011c2
0x004011c9
0x004011d0
0x004011d7
0x004011de
0x004011e9
0x00401473
0x00401479
0x00401479
0x004011f7
0x004011fa
0x00401216
0x00401218
0x00401222
0x00000000
0x00000000
0x00401204
0x00401415
0x0040141d
0x00401234
0x0040123b
0x00401481
0x0040148b
0x00401493
0x0040149a
0x00401241
0x00401241
0x00401241
0x00401253
0x00000000
0x00000000
0x00000000
0x00000000
0x00401423
0x00401423
0x00401423
0x0040142a
0x00401437
0x00401259
0x0040125b
0x00000000
0x00000000
0x0040143d
0x0040143d
0x0040143d
0x00401445
0x0040144c
0x00401453
0x0040145d
0x00401463
0x00401463
0x00401463
0x00401463
0x00401463
0x0040145d
0x00401437
0x00000000
0x0040120a
0x00401211
0x00401213
0x00000000
0x00401213
0x00401261
0x00401261
0x00401268
0x0040126a
0x00401272
0x0040127a
0x00401281
0x00401283
0x00401283
0x00401286
0x0040128b
0x00401292
0x00401298
0x0040129b
0x004012a0
0x004012ac
0x004012b6
0x004012c0
0x004012c4
0x004012c6
0x004012e0
0x004012e0
0x004012e6
0x00000000
0x00000000
0x004012e8
0x004012f0
0x004012dd
0x004012dd
0x004012e0
0x004012e6
0x00000000
0x00000000
0x00000000
0x004012d0
0x004012d2
0x004012d6
0x004012f9
0x004012f9
0x004012fc
0x00401302
0x00000000
0x00000000
0x004012f7
0x00000000
0x00000000
0x00000000
0x004012f7
0x004012d8
0x004012d8
0x00000000
0x004012d8
0x004012d6
0x00401304
0x00401304
0x00000000
0x00401304
0x004012e0
0x00401309
0x00401309
0x00401311
0x00401320
0x00401323
0x00401323
0x00401328
0x0040132d
0x00401332
0x00401339
0x0040133c
0x0040133f
0x00401346
0x0040134c
0x0040134f
0x004014a4
0x00401355
0x00401355
0x00401357
0x00401360
0x00401363
0x0040136b
0x0040136b
0x0040136e
0x00401371
0x00401379
0x0040137c
0x0040137f
0x00401382
0x00401386
0x00401389
0x0040138d
0x00401392
0x0040139a
0x0040139a
0x0040139d
0x004013a0
0x004013a7
0x004013ad
0x004013bd
0x004013c4
0x004013cd
0x004013d6
0x004013d9
0x004013e6
0x004013eb
0x004014ab
0x004014b0
0x004014b5
0x004014c3
0x004014cd
0x004014d2
0x00000000
0x004014d2
0x004013f9
0x004013fb
0x00401400
0x00401400
0x0040140c
0x00000000
0x0040140c
0x00401229
0x0040122e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040122e

APIs

Sleep.KERNEL32 ref: 00401211
SetUnhandledExceptionFilter.KERNELBASE ref: 00401292
malloc.MSVCRT ref: 0040133F
strlen.MSVCRT ref: 00401366
malloc.MSVCRT ref: 00401371
memcpy.MSVCRT ref: 0040138D
GetStartupInfoA.KERNEL32 ref: 00401473

Strings

@1@, xrefs: 00401261

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
String ID: @1@
API String ID: 649803965-1062867696
Opcode ID: 3fc8b3060eb215a5af56e4ebae25485ef26f636af33c802a52dbdba989695c70
Instruction ID: a43b5d0e8aab2e093008daf85e40796155139908f9288821509ad0c888b672fb
Opcode Fuzzy Hash: 3fc8b3060eb215a5af56e4ebae25485ef26f636af33c802a52dbdba989695c70
Instruction Fuzzy Hash: 3B817CB1E082018FD710EF69DA8075A7BE4FB85344F01857EED44BB3A1D778A844DB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040438A, Relevance: 70.3, APIs: 35, Strings: 5, Instructions: 348
stringregistryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCommandLineW.KERNEL32 ref: 0040439C
CommandLineToArgvW.SHELL32 ref: 004043AF
RegOpenKeyExA.KERNELBASE ref: 004043FF
RegQueryValueExA.KERNELBASE ref: 0040445A
atoi.MSVCRT ref: 00404462
RegQueryValueExA.KERNELBASE ref: 004044A6
RegQueryValueExA.KERNELBASE ref: 004044E2
strcmp.MSVCRT ref: 004044FE
puts.MSVCRT ref: 00404533
strcmp.MSVCRT ref: 00404557
puts.MSVCRT ref: 00404569
wcstombs.MSVCRT ref: 00404590
wcstombs.MSVCRT ref: 004045A7
strcmp.MSVCRT ref: 004045B7
RegDeleteKeyA.ADVAPI32 ref: 0040460A
wcstombs.MSVCRT ref: 0040462F
strcmp.MSVCRT ref: 0040463F
fopen.MSVCRT ref: 00404657
fgets.MSVCRT ref: 0040467F
strtok.MSVCRT ref: 004046E6
strcmp.MSVCRT ref: 0040471A
strcmp.MSVCRT ref: 00404738
strtok.MSVCRT ref: 00404785
strtok.MSVCRT ref: 004047AF
strcmp.MSVCRT ref: 00404808
strcmp.MSVCRT ref: 0040482D
strcmp.MSVCRT ref: 00404845
SHChangeNotify.SHELL32 ref: 004048B5
printf.MSVCRT ref: 004048DC
puts.MSVCRT ref: 004049CF

Strings

e@, xrefs: 0040483A
., xrefs: 004045C4
@f@, xrefs: 004049E6
., xrefs: 00404815
@, xrefs: 004044B2

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: strcmp$QueryValueputsstrtokwcstombs$CommandLine$ArgvChangeDeleteNotifyOpenatoifgetsfopenprintf
String ID: .$.$@$@f@$e@
API String ID: 2451745367-4170836697
Opcode ID: 8e78b7798b1f83118951dc8c846f428f3ed18f866040e1d2865ae0791ff0534c
Instruction ID: 8783aa9f8a355cd34b88065cfed41fb77064e6fcd8058681a7b608039e4123fe
Opcode Fuzzy Hash: 8e78b7798b1f83118951dc8c846f428f3ed18f866040e1d2865ae0791ff0534c
Instruction Fuzzy Hash: E5F151F05083159BC720AF25D98436EBBF4AF80348F01887EE68967281D77CC985DF5A

Uniqueness

Uniqueness Score: -1.00%

Function 00404380, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 97
registrystringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCommandLineW.KERNEL32 ref: 0040439C
CommandLineToArgvW.SHELL32 ref: 004043AF
RegOpenKeyExA.KERNELBASE ref: 004043FF
RegQueryValueExA.KERNELBASE ref: 0040445A
atoi.MSVCRT ref: 00404462
RegQueryValueExA.KERNELBASE ref: 004044A6
RegQueryValueExA.KERNELBASE ref: 004044E2
strcmp.MSVCRT ref: 004044FE
puts.MSVCRT ref: 00404533
strcmp.MSVCRT ref: 00404557
puts.MSVCRT ref: 00404569
wcstombs.MSVCRT ref: 00404590
wcstombs.MSVCRT ref: 004045A7
strcmp.MSVCRT ref: 004045B7
RegDeleteKeyA.ADVAPI32 ref: 0040460A
wcstombs.MSVCRT ref: 0040462F
strcmp.MSVCRT ref: 0040463F
fopen.MSVCRT ref: 00404657
fgets.MSVCRT ref: 0040467F
strtok.MSVCRT ref: 004046E6
puts.MSVCRT ref: 004049CF

Strings

Te@, xrefs: 004043F0
@, xrefs: 004044B2

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: strcmp$QueryValueputswcstombs$CommandLine$ArgvDeleteOpenatoifgetsfopenstrtok
String ID: @$Te@
API String ID: 4164741573-3026374435
Opcode ID: 98950425c47ac62e6770fd8f2364a079b9e639ecc8997b3054887ece2750aba2
Instruction ID: 32220b5bc8446626c2f2012a3bfec091bc7e020f0229b4e70187ca10948d0537
Opcode Fuzzy Hash: 98950425c47ac62e6770fd8f2364a079b9e639ecc8997b3054887ece2750aba2
Instruction Fuzzy Hash: DB410DF08053159FDB50EF65D94875EBBF4FF80304F0089AEE689A7240D77999888F5A

Uniqueness

Uniqueness Score: -1.00%

Function 004023C0, Relevance: 15.1, APIs: 10, Instructions: 100
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 004023F4
OpenProcessToken.ADVAPI32 ref: 0040240F
GetTokenInformation.KERNELBASE ref: 00402453
GetTokenInformation.KERNELBASE ref: 00402485
LookupAccountSidA.ADVAPI32 ref: 004024D1
ConvertSidToStringSidA.ADVAPI32 ref: 004024E7
printf.MSVCRT ref: 00402507
LocalAlloc.KERNEL32 ref: 0040254B

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: Token$InformationProcess$AccountAllocConvertCurrentLocalLookupOpenStringprintf
String ID:
API String ID: 892511574-0
Opcode ID: d66834b20918afac42d46c85198aa894f8910a5b1be3110befaec1eab9b0623f
Instruction ID: d751da2c95dded9e22fdfb686bc1f6b85a60496c220cba8abdd9d20475e57ce5
Opcode Fuzzy Hash: d66834b20918afac42d46c85198aa894f8910a5b1be3110befaec1eab9b0623f
Instruction Fuzzy Hash: B041ECB19043149FCB10EF65D98838EFBF4FF84315F0089AED488A7251EB7495888F96

Uniqueness

Uniqueness Score: -1.00%

Function 00402570, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 71
registrytimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE ref: 0040259D
RegQueryInfoKeyA.ADVAPI32 ref: 0040260E
FileTimeToSystemTime.KERNEL32 ref: 0040261E
SystemTimeToFileTime.KERNEL32 ref: 0040263A
RegCloseKey.ADVAPI32 ref: 00402673
puts.MSVCRT ref: 0040268F

Strings

$p@, xrefs: 00402679

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: Time$FileSystem$CloseInfoOpenQueryputs
String ID: $p@
API String ID: 2021266425-2581991240
Opcode ID: 246f4c5230f712c0e59325744e55a6a9401e8df4bcb08566e9f23f35927ad1a9
Instruction ID: a44412c639be079ffefa57ed152e5e7faa3507e165b327a2f1c167a4494bedbe
Opcode Fuzzy Hash: 246f4c5230f712c0e59325744e55a6a9401e8df4bcb08566e9f23f35927ad1a9
Instruction Fuzzy Hash: 9531D6B08083099FDB00EFA5D54839EBFF0FF44358F00896DE888A7250D77995488F96

Uniqueness

Uniqueness Score: -1.00%

Function 004023B2, Relevance: 9.1, APIs: 6, Instructions: 73
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 004023F4
OpenProcessToken.ADVAPI32 ref: 0040240F
GetTokenInformation.KERNELBASE ref: 00402453
GetTokenInformation.KERNELBASE ref: 00402485
LookupAccountSidA.ADVAPI32 ref: 004024D1
ConvertSidToStringSidA.ADVAPI32 ref: 004024E7
printf.MSVCRT ref: 00402507
LocalAlloc.KERNEL32 ref: 0040254B

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: Token$InformationProcess$AccountAllocConvertCurrentLocalLookupOpenStringprintf
String ID:
API String ID: 892511574-0
Opcode ID: 252316a5d7d580bdd46366a4f4237d2c8dba491e7402719f374b0e5a4dea04bc
Instruction ID: 644458309707ad684d499cc189ab57b8859fe37fc9f9a8ef91d40be7c2034af6
Opcode Fuzzy Hash: 252316a5d7d580bdd46366a4f4237d2c8dba491e7402719f374b0e5a4dea04bc
Instruction Fuzzy Hash: A831DE718043199FCB50DF65D98878AFBF4FF84314F0089AED488A7251EB749688CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00402AF9, Relevance: 6.1, APIs: 4, Instructions: 53
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExA.KERNELBASE ref: 00402B6E
strlen.MSVCRT ref: 00402B7C
RegSetValueExA.KERNELBASE ref: 00402BAD
RegCloseKey.KERNELBASE ref: 00402BBB

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: Value$Closestrlen
String ID:
API String ID: 2641137173-0
Opcode ID: c126ce7880f74dc70501113a7896d1df5733dab2b7f81619b3c33a779b076ada
Instruction ID: 3d3a8f13f285c430ef15e382b6df9b9ab45053311c7b8ef291f0b0c0d0d2ec8b
Opcode Fuzzy Hash: c126ce7880f74dc70501113a7896d1df5733dab2b7f81619b3c33a779b076ada
Instruction Fuzzy Hash: 0A1108719046058FE704EF68C98578DB7F0FF84308F4089ADE488E7245DB79A988CF86

Uniqueness

Uniqueness Score: -1.00%

Function 0040253C, Relevance: 6.0, APIs: 4, Instructions: 45
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTokenInformation.KERNELBASE ref: 00402485
LookupAccountSidA.ADVAPI32 ref: 004024D1
ConvertSidToStringSidA.ADVAPI32 ref: 004024E7
LocalFree.KERNEL32 ref: 00402519
CloseHandle.KERNEL32 ref: 0040252B
LocalAlloc.KERNEL32 ref: 0040254B

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: Local$AccountAllocCloseConvertFreeHandleInformationLookupStringToken
String ID:
API String ID: 1207806530-0
Opcode ID: ca4944066bd6da7dc61d849fac7b1b2343fca66eaf930dec50635776dcdbfb29
Instruction ID: 9dbd1d594504f93497666f5ff2714cee2844a77f52ce2c798a0338e7630c7353
Opcode Fuzzy Hash: ca4944066bd6da7dc61d849fac7b1b2343fca66eaf930dec50635776dcdbfb29
Instruction Fuzzy Hash: CB11DDB59043199FC750DF68D58868EFBF0FF48310F0089AED488A3211E7749A88CF56

Uniqueness

Uniqueness Score: -1.00%

Function 00402A1C, Relevance: 3.0, APIs: 2, Instructions: 30
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE ref: 00402A79
puts.MSVCRT ref: 00402A8D
RegSetValueExA.KERNELBASE ref: 00402B6E
strlen.MSVCRT ref: 00402B7C
RegSetValueExA.KERNELBASE ref: 00402BAD
RegCloseKey.KERNELBASE ref: 00402BBB

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: Value$CloseOpenputsstrlen
String ID:
API String ID: 395390182-0
Opcode ID: b664c9b95a95ad0346b29781e8125cdd00e696894aff834768822329950a5d74
Instruction ID: b8d187f5214a6b5a955d1ae89fd79bdc970732b6045c066155a45adc95d47bc6
Opcode Fuzzy Hash: b664c9b95a95ad0346b29781e8125cdd00e696894aff834768822329950a5d74
Instruction Fuzzy Hash: 86F031B09043049FD710EF65C54434EBBF4EF84354F00C96EE48897241DBB995448F56

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00401780, Relevance: 10.7, APIs: 6, Strings: 1, Instructions: 220
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.MSVCRT ref: 004017CB
memcpy.MSVCRT ref: 004017E1
memset.MSVCRT ref: 00401805
malloc.MSVCRT ref: 00401A0D
memcpy.MSVCRT ref: 00401A23

Strings

@, xrefs: 00401946

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: mallocmemcpy$memset
String ID: @
API String ID: 99833469-2766056989
Opcode ID: 18a9f2f54b7c3804af6506720540f8b84cf2560265e67ac9261c22412a4eeefd
Instruction ID: c704dddb39b3fed60ddcf0625ba577d4055e906e90e0474efdca58c1b1bc5afc
Opcode Fuzzy Hash: 18a9f2f54b7c3804af6506720540f8b84cf2560265e67ac9261c22412a4eeefd
Instruction Fuzzy Hash: 6A8173716097408FC311CF2D888065EBBE2AFD5354F4DCA6EE0C99B352D638E909C796

Uniqueness

Uniqueness Score: -1.00%

Function 0040158C, Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 004015A7
OpenProcess.KERNEL32 ref: 004015C0
OpenProcessToken.ADVAPI32 ref: 004015E0
malloc.MSVCRT ref: 004015FA
LookupAccountNameA.ADVAPI32 ref: 00401642
CheckTokenMembership.ADVAPI32 ref: 00401664
GetLastError.KERNEL32 ref: 00401685
printf.MSVCRT ref: 0040169A
GetLastError.KERNEL32 ref: 004016A8
printf.MSVCRT ref: 004016B9
GetLastError.KERNEL32 ref: 004016C7
printf.MSVCRT ref: 004016D8

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: ErrorLastProcessprintf$OpenToken$AccountCheckCurrentLookupMembershipNamemalloc
String ID:
API String ID: 2350166618-0
Opcode ID: 3b0faa36b393f347d51058b052492042c508baaf29f228957ce98c38411874ce
Instruction ID: 2b906c45ec089b33b958584bdfd409fd0e5085b56160df549a65abf7ece98d14
Opcode Fuzzy Hash: 3b0faa36b393f347d51058b052492042c508baaf29f228957ce98c38411874ce
Instruction Fuzzy Hash: DC21EBB18043199FC750EF64DA447DFBBF4EF44350F0089AEE888A7254EB7499848F86

Uniqueness

Uniqueness Score: -1.00%

Function 00403BDC, Relevance: 7.5, APIs: 5, Instructions: 38COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00403C2F
UnhandledExceptionFilter.KERNEL32 ref: 00403C3F
GetCurrentProcess.KERNEL32 ref: 00403C48
TerminateProcess.KERNEL32 ref: 00403C59
abort.MSVCRT ref: 00403C62

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID:
API String ID: 520269711-0
Opcode ID: 76c07a3073f0d67d995d7e9ebc7e6c83229556bc4119ef91ae843a392180844f
Instruction ID: c93e10eb7b46a5cce86e5c747f8fd7142c868c258911e588a02060185b9a1b14
Opcode Fuzzy Hash: 76c07a3073f0d67d995d7e9ebc7e6c83229556bc4119ef91ae843a392180844f
Instruction Fuzzy Hash: 8E01A2B4809604CFD700EFB9EA495097BF0BB08300F00853DE989AB360E774A444CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00403BE0, Relevance: 7.5, APIs: 5, Instructions: 37COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00403C2F
UnhandledExceptionFilter.KERNEL32 ref: 00403C3F
GetCurrentProcess.KERNEL32 ref: 00403C48
TerminateProcess.KERNEL32 ref: 00403C59
abort.MSVCRT ref: 00403C62

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID:
API String ID: 520269711-0
Opcode ID: 91537667c88ea3bc89070dad38cf917d4b6613f163f1921a76d8a35296654fc0
Instruction ID: 0af807383d623c080b417606dc743c04f722218f3e4514e9a686ac8720fc5d9c
Opcode Fuzzy Hash: 91537667c88ea3bc89070dad38cf917d4b6613f163f1921a76d8a35296654fc0
Instruction Fuzzy Hash: C60180B4909604CFD740EFB9EB496497BF0BB08304F00857DE989AB360EB74A544CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00401590, Relevance: 18.1, APIs: 12, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 004015A7
OpenProcess.KERNEL32 ref: 004015C0
OpenProcessToken.ADVAPI32 ref: 004015E0
malloc.MSVCRT ref: 004015FA
LookupAccountNameA.ADVAPI32 ref: 00401642
CheckTokenMembership.ADVAPI32 ref: 00401664
GetLastError.KERNEL32 ref: 00401685
printf.MSVCRT ref: 0040169A
GetLastError.KERNEL32 ref: 004016A8
printf.MSVCRT ref: 004016B9
GetLastError.KERNEL32 ref: 004016C7
printf.MSVCRT ref: 004016D8

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: ErrorLastProcessprintf$OpenToken$AccountCheckCurrentLookupMembershipNamemalloc
String ID:
API String ID: 2350166618-0
Opcode ID: 111986f97e8006be4781f1dafe1673483795eaf2840e17aa992ed29d4bded850
Instruction ID: dbf25c272997060d637d41b1388e6743939cdd7d97018284a2d6db79c4f25d14
Opcode Fuzzy Hash: 111986f97e8006be4781f1dafe1673483795eaf2840e17aa992ed29d4bded850
Instruction Fuzzy Hash: 03313BB09093059FC710EF74DA4429EBBF4EF48350F0189BEE989A7250EB3985948F86

Uniqueness

Uniqueness Score: -1.00%

Function 00402DB0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 123
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 16%

			E00402DB0(void* __eflags, int _a4, int _a8, int _a12, int _a16, int _a20, int _a24, int _a28) {
				int* _v0;
				int _v4;
				int _v8;
				wchar_t* _v12;
				char _v16;
				char _v32794;
				char _v33304;
				char _v33814;
				char _v34324;
				char _v34328;
				char _v34332;
				char _v34336;
				char _v34348;
				void* _v34364;
				char _v34380;
				int _v34396;
				char _v34412;
				int _v34416;
				void* _t65;
				int _t73;
				long _t77;
				intOrPtr _t84;
				int _t86;
				int _t87;
				short* _t88;
				int _t89;
				void* _t91;
				void* _t93;

				_t65 = E00404200(0x869c);
				_a12 =  &_v34332;
				_a8 =  &_v34336;
				_a4 =  &_v34328;
				_v0 =  &_v34396;
				_v8 =  &_v34412;
				_v12 =  &_v33814;
				_v34412 = 0xff;
				_v34396 = 0;
				_v34348 = 0x7ffe;
				_a28 = 0;
				_a24 = 0;
				_a20 = 0;
				_a16 = 0;
				_v4 = 0;
				_v16 = _a4;
				_t73 = RegQueryInfoKeyW(??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??, ??);
				_t93 = _t91 - _t65 - 0x30;
				if(_t73 != 0) {
					return wprintf(L"error: cannot query registry");
				} else {
					if(_v34396 != 0) {
						_t84 = 0;
						_t89 =  &_v34324;
						while(1) {
							L6:
							_v4 =  &_v34380;
							_v34380 = 0xff;
							_a12 = 0;
							_a8 = 0;
							_a4 = 0;
							_v0 = 0;
							_v8 = _t89;
							_v12 = _t84;
							_v16 = _a4;
							_t77 = RegEnumKeyExW(??, ??, ??, ??, ??, ??, ??, ??);
							_t93 = _t93 - 0x20;
							if(_t77 != 0) {
								break;
							}
							_v4 = _t89;
							if(_a8 != 0) {
								_t88 =  &_v33304;
								E004016F0(_t88, 0x1fe, L"SOFTWARE\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\%s\\UserChoice");
							} else {
								_t88 =  &_v33304;
								E004016F0(_t88, 0x1fe, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\%s\\UserChoice");
							}
							_t73 = RegOpenKeyExW(0x80000001, _t88, 0, 0x20019,  &_v34364);
							_t93 = _t93 - 0x14;
							if(_t73 == 0) {
								_a4 =  &_v34348;
								_t86 =  &_v32794;
								_v0 = _t86;
								_v34416 = _t86;
								_v34348 = 0x7ffe;
								_v4 = 0;
								_v8 = 0;
								_v12 = L"ProgId";
								_v16 = _v34364;
								_t73 = RegQueryValueExW(??, ??, ??, ??, ??, ??);
								_t87 = _v34416;
								_t93 = _t93 - 0x18;
								if(_t73 == 0) {
									_v8 = _t87;
									_v12 = _t89;
									_t73 = wprintf(L"%s, %s\n");
								}
							}
							_t84 = _t84 + 1;
							if(_v34396 > _t84) {
								continue;
							}
							goto L10;
						}
						_v16 = L"error: cannot enumerate registry";
						_t84 = _t84 + 1;
						_t73 = wprintf(??);
						if(_v34396 > _t84) {
							goto L6;
						}
					}
					L10:
					return _t73;
				}
			}

0x00402dbb
0x00402dc8
0x00402dd2
0x00402ddc
0x00402de6
0x00402df0
0x00402dfa
0x00402e01
0x00402e0b
0x00402e15
0x00402e1f
0x00402e27
0x00402e2f
0x00402e37
0x00402e3f
0x00402e47
0x00402e4a
0x00402e50
0x00402e55
0x00403008
0x00402e5b
0x00402e63
0x00402e69
0x00402e6b
0x00402ed6
0x00402ed6
0x00402edc
0x00402ee3
0x00402eed
0x00402ef5
0x00402efd
0x00402f05
0x00402f0d
0x00402f11
0x00402f15
0x00402f18
0x00402f1e
0x00402f23
0x00000000
0x00000000
0x00402f28
0x00402f2e
0x00402e73
0x00402e8c
0x00402f34
0x00402f34
0x00402f4d
0x00402f4d
0x00402eb6
0x00402ebc
0x00402ec1
0x00402f86
0x00402f90
0x00402f96
0x00402f9a
0x00402fa0
0x00402faa
0x00402fb2
0x00402fba
0x00402fc2
0x00402fc5
0x00402fcb
0x00402fd1
0x00402fd6
0x00402fdc
0x00402fe0
0x00402feb
0x00402feb
0x00402fd6
0x00402ec7
0x00402ed0
0x00000000
0x00000000
0x00000000
0x00402ed0
0x00402f57
0x00402f5e
0x00402f61
0x00402f6c
0x00000000
0x00000000
0x00402f6c
0x00402f72
0x00402f79
0x00402f79

APIs

RegQueryInfoKeyW.ADVAPI32 ref: 00402E4A
RegOpenKeyExW.ADVAPI32 ref: 00402EB6
RegEnumKeyExW.ADVAPI32 ref: 00402F18
wprintf.MSVCRT ref: 00402F61
wprintf.MSVCRT ref: 00402FFC

Strings

\b@, xrefs: 00402F3A

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: wprintf$EnumInfoOpenQuery
String ID: \b@
API String ID: 4254634424-3153086067
Opcode ID: 324216fd4cfd376d844104b6b332f7df15c4e595f042d72c385f492269db6362
Instruction ID: 1cdb1e7319a4b00985aa5e96af0d67ead8184c6ff0b40ecdc771a302da14bbe4
Opcode Fuzzy Hash: 324216fd4cfd376d844104b6b332f7df15c4e595f042d72c385f492269db6362
Instruction Fuzzy Hash: 38511BB08053158FDB10DF15C94869EFBF4BF84344F11C9BEE488A7291DB7986888F86

Uniqueness

Uniqueness Score: -1.00%

Function 00403010, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 56
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.ADVAPI32 ref: 00403044
RegCloseKey.ADVAPI32 ref: 00403066
RegOpenKeyExW.ADVAPI32 ref: 00403092
wprintf.MSVCRT ref: 004030A2
wprintf.MSVCRT ref: 004030B7

Part of subcall function 00402DB0: RegQueryInfoKeyW.ADVAPI32 ref: 00402E4A
Part of subcall function 00402DB0: RegOpenKeyExW.ADVAPI32 ref: 00402EB6
Part of subcall function 00402DB0: RegEnumKeyExW.ADVAPI32 ref: 00402F18
Part of subcall function 00402DB0: wprintf.MSVCRT ref: 00402F61

Strings

Td@, xrefs: 00403083

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: Openwprintf$CloseEnumInfoQuery
String ID: Td@
API String ID: 2180483866-3820597325
Opcode ID: 10cef42bc82b04ff61fee560b6344dbc1f7ac801814bbc76a9ac4c6bc565f3a6
Instruction ID: 5d5c137082eec89410860858f049285366b8ed35a4b62d8e218b2051146ae84f
Opcode Fuzzy Hash: 10cef42bc82b04ff61fee560b6344dbc1f7ac801814bbc76a9ac4c6bc565f3a6
Instruction Fuzzy Hash: 9C1121B0804315DFDB00BFA5D54929FBFF4EF40358F01882EE58467241D7B994548BDA

Uniqueness

Uniqueness Score: -1.00%

Function 004032E0, Relevance: 9.1, APIs: 6, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 60%

			E004032E0(intOrPtr* _a4) {
				char _v12;
				intOrPtr _v24;
				intOrPtr* _t12;
				intOrPtr _t13;
				intOrPtr* _t18;
				intOrPtr _t19;
				intOrPtr* _t22;

				_t18 = _a4;
				_t12 =  *((intOrPtr*)( *_t18));
				if(_t12 > 0xc0000091) {
					if(_t12 == 0xc0000094) {
						_t19 = 0;
						L12:
						_v24 = 0;
						 *_t22 = 8;
						L00404338();
						if(_t12 == 1) {
							_v24 = 1;
							 *_t22 = 8;
							L00404338();
							if(_t19 != 0) {
								E00403A80(_t12);
							}
							L15:
							_t13 = 0xffffffff;
							L16:
							return _t13;
						}
						if(_t12 == 0) {
							L9:
							_t13 =  *0x407064;
							if(_t13 == 0) {
								goto L16;
							}
							_a4 = _t18;
							_t22 =  &_v12;
							_pop(_t18);
							goto __eax;
						}
						 *_t22 = 8;
						 *_t12();
						goto L15;
					}
					if(_t12 == 0xc0000096) {
						L19:
						_v24 = 0;
						 *_t22 = 4;
						L00404338();
						if(_t12 == 1) {
							_v24 = 1;
							 *_t22 = 4;
							L00404338();
							goto L15;
						}
						if(_t12 == 0) {
							goto L9;
						}
						 *_t22 = 4;
						 *_t12();
						goto L15;
					}
					if(_t12 == 0xc0000093) {
						L17:
						_t19 = 1;
						goto L12;
					}
					goto L9;
				}
				if(_t12 >= 0xc000008d) {
					goto L17;
				}
				if(_t12 != 0xc0000005) {
					if(_t12 != 0xc000001d) {
						goto L9;
					}
					goto L19;
				}
				_v24 = 0;
				 *_t22 = 0xb;
				L00404338();
				if(_t12 == 1) {
					_v24 = 1;
					 *_t22 = 0xb;
					L00404338();
					goto L15;
				}
				if(_t12 == 0) {
					goto L9;
				}
				 *_t22 = 0xb;
				 *_t12();
				goto L15;
			}

0x004032e8
0x004032ed
0x004032f4
0x0040333d
0x00403361
0x00403363
0x00403363
0x0040336b
0x00403372
0x0040337a
0x00403406
0x0040340e
0x00403415
0x0040341c
0x00403422
0x00403422
0x0040338d
0x0040338d
0x00403392
0x00403398
0x00403398
0x00403382
0x0040334d
0x0040334d
0x00403354
0x00000000
0x00000000
0x00403356
0x00403359
0x0040335c
0x0040335f
0x0040335f
0x00403384
0x0040338b
0x00000000
0x0040338b
0x00403344
0x004033ae
0x004033ae
0x004033b6
0x004033bd
0x004033c5
0x004033f0
0x004033f8
0x004033ff
0x00000000
0x004033ff
0x004033c9
0x00000000
0x00000000
0x004033cb
0x004033d2
0x00000000
0x004033d2
0x0040334b
0x004033a0
0x004033a0
0x00000000
0x004033a0
0x00000000
0x0040334b
0x004032fb
0x00000000
0x00000000
0x00403306
0x004033ac
0x00000000
0x00000000
0x00000000
0x004033ac
0x0040330c
0x00403314
0x0040331b
0x00403323
0x004033d6
0x004033de
0x004033e5
0x00000000
0x004033e5
0x0040332b
0x00000000
0x00000000
0x0040332d
0x00403334
0x00000000

APIs

signal.MSVCRT ref: 0040331B
signal.MSVCRT ref: 00403372
signal.MSVCRT ref: 004033BD
signal.MSVCRT ref: 004033E5

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: signal
String ID:
API String ID: 1946981877-0
Opcode ID: ed3af095c9b52fa1645d37e6a783337c96b192b32cd2449b13933a98259822aa
Instruction ID: 1d6627308501263b4b887246d1756e2b9ad4b10aad438c04c10083339a6c0520
Opcode Fuzzy Hash: ed3af095c9b52fa1645d37e6a783337c96b192b32cd2449b13933a98259822aa
Instruction Fuzzy Hash: E9213CB0109300DAE7206FA4858036EBED8AB45766F12492FEDD4E72C1CB7D9A84875B

Uniqueness

Uniqueness Score: -1.00%

Function 00403009, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32 ref: 00403044
RegCloseKey.ADVAPI32 ref: 00403066
RegOpenKeyExW.ADVAPI32 ref: 00403092
wprintf.MSVCRT ref: 004030A2
wprintf.MSVCRT ref: 004030B7

Part of subcall function 00402DB0: RegQueryInfoKeyW.ADVAPI32 ref: 00402E4A
Part of subcall function 00402DB0: RegOpenKeyExW.ADVAPI32 ref: 00402EB6
Part of subcall function 00402DB0: RegEnumKeyExW.ADVAPI32 ref: 00402F18
Part of subcall function 00402DB0: wprintf.MSVCRT ref: 00402F61

Strings

Td@, xrefs: 00403083

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: Openwprintf$CloseEnumInfoQuery
String ID: Td@
API String ID: 2180483866-3820597325
Opcode ID: 41ab7d49ffdc91763d27016429cadfc3243766c8abf4d6da29d8015ad8e086fe
Instruction ID: fd25b14574a67ecea94e19ff6d6048ad3520cb15a73157fe21167ec30ee4e02d
Opcode Fuzzy Hash: 41ab7d49ffdc91763d27016429cadfc3243766c8abf4d6da29d8015ad8e086fe
Instruction Fuzzy Hash: 35012DB08043159FDB00AFA5D54936FBFF4EF40758F01882EE98867241D7B994588BDA

Uniqueness

Uniqueness Score: -1.00%

Function 00403B30, Relevance: 7.6, APIs: 5, Instructions: 56timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00403B68
GetCurrentProcessId.KERNEL32 ref: 00403B79
GetCurrentThreadId.KERNEL32 ref: 00403B81
GetTickCount.KERNEL32 ref: 00403B8A
QueryPerformanceCounter.KERNEL32 ref: 00403B99

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 851108c6b6259b2facbd109661269e1a64e5a0895d78f38946da170294d8fe44
Instruction ID: f6c3e8c53bb9a02aa4fa01db30375449be221f4d85175df23b3d18b599b00758
Opcode Fuzzy Hash: 851108c6b6259b2facbd109661269e1a64e5a0895d78f38946da170294d8fe44
Instruction Fuzzy Hash: 9B113476D002188BCF10AFB8EA481CEFBB4FB0C325F05457AD805B7210DA3469548F99

Uniqueness

Uniqueness Score: -1.00%

Function 0040367C, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 0040365F
VirtualProtect.KERNEL32 ref: 004036A7
memcpy.MSVCRT ref: 004036BD
VirtualProtect.KERNEL32 ref: 004036E7

Strings

@, xrefs: 00403695

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: ProtectVirtualmemcpy
String ID: @
API String ID: 4237922067-2766056989
Opcode ID: 87dcebf669140ce12edef5d5fa5a1f8a028a4ca3d894f7ad06c880f358aa7192
Instruction ID: bd5f270fd96b2f437b39f6132b38b6103e973194d15fe76cf34161a0e328af58
Opcode Fuzzy Hash: 87dcebf669140ce12edef5d5fa5a1f8a028a4ca3d894f7ad06c880f358aa7192
Instruction Fuzzy Hash: 95018CB5905305AFDB10EFADD58449EFBF4EB88350F10882EE598E7350D635A9448B46

Uniqueness

Uniqueness Score: -1.00%

Function 00403200, Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

_lock.MSVCRT ref: 00403225
__dllonexit.MSVCRT ref: 00403263
_unlock.MSVCRT ref: 00403293
_onexit.MSVCRT ref: 004032A7

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: __dllonexit_lock_onexit_unlock
String ID:
API String ID: 209411981-0
Opcode ID: 9a809802039ff9fe12e8098fcbf92ce7f2a592af8b68d5b551853c1c16a2345b
Instruction ID: 22fba7df9a4a03f90c486e1a1f957e117b91a56f44203d71170a339c56e98b58
Opcode Fuzzy Hash: 9a809802039ff9fe12e8098fcbf92ce7f2a592af8b68d5b551853c1c16a2345b
Instruction Fuzzy Hash: C111E3B09083018FC704EF79D98540EBBE4BB88345F40093EF8C0A7392EA399584DB86

Uniqueness

Uniqueness Score: -1.00%

Function 00402D30, Relevance: 6.0, APIs: 4, Instructions: 44stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00402D3E
isspace.MSVCRT ref: 00402D5F
isspace.MSVCRT ref: 00402D83
memmove.MSVCRT ref: 00402D97

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: isspace$memmovestrlen
String ID:
API String ID: 1856428949-0
Opcode ID: a7b2d6549e36a7ebc38350192c83773f8cc15eeb568e6a34c8bc171e6b975e63
Instruction ID: d3fd9e5e57f39b4a205c1a9793b4953133b78507fa9ce56d84e8f1a505514e93
Opcode Fuzzy Hash: a7b2d6549e36a7ebc38350192c83773f8cc15eeb568e6a34c8bc171e6b975e63
Instruction Fuzzy Hash: B601D6B14087564BCA113F39598857FBFD8AF55784F05057EECC467382E27A98028695

Uniqueness

Uniqueness Score: -1.00%

Function 004034A0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 004034F0

Strings

Unknown error, xrefs: 004034AC
Tj@, xrefs: 004034D9

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: fprintf
String ID: Tj@$Unknown error
API String ID: 383729395-683221051
Opcode ID: 98a7d13db4f830e09ef209278c4be680dd2bd9fd44bb9394771d9a69b4d37234
Instruction ID: ae3cde43d5d25f7a7b6a284fe05902c46395ded8080ba9972480413c6e9a7ccd
Opcode Fuzzy Hash: 98a7d13db4f830e09ef209278c4be680dd2bd9fd44bb9394771d9a69b4d37234
Instruction Fuzzy Hash: ECF01774504641CBC300EF14E58441ABBF1FF89300B92C9A9E8C99B365D738D878CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00403D80, Relevance: 5.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00403DA7
free.MSVCRT ref: 00403DF1
LeaveCriticalSection.KERNEL32 ref: 00403DFD

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: CriticalSection$EnterLeavefree
String ID:
API String ID: 4020351045-0
Opcode ID: 893f1f38092aecc1b40df3f6a523824648419426be0b9831e1d4e448d09335b7
Instruction ID: f202c57a4ce99dcb0348e63208ed13094e1dcea2f6040547efc2bb8852973fe0
Opcode Fuzzy Hash: 893f1f38092aecc1b40df3f6a523824648419426be0b9831e1d4e448d09335b7
Instruction Fuzzy Hash: 7F012770B18202CFD700EF68DA8451ABFE4AF44305B1445BED885A7391EB38E990DB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00403C70, Relevance: 5.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00403C80
TlsGetValue.KERNEL32 ref: 00403CA5
GetLastError.KERNEL32 ref: 00403CB0
LeaveCriticalSection.KERNEL32 ref: 00403CD0

Memory Dump Source

Source File: 00000008.00000002.734053352.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000008.00000002.734041779.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734065928.0000000000406000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.734071936.0000000000408000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.734077998.000000000040B000.00000008.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_400000_setdf.jbxd

Similarity

API ID: CriticalSection$EnterErrorLastLeaveValue
String ID:
API String ID: 682475483-0
Opcode ID: 46fb981f7c797deaf9e6847ee4a88ce6dc15bc7ee9b17df910ed3ea49ad6667b
Instruction ID: 5fd713b1dae67ded7836070dd759722d66313b6020a9cea318f57296d00dc9d8
Opcode Fuzzy Hash: 46fb981f7c797deaf9e6847ee4a88ce6dc15bc7ee9b17df910ed3ea49ad6667b
Instruction Fuzzy Hash: CAF08176919A008BDB00BFB89A4855ABFB8FB80351F01057DDC95B3300DB34B924CBDA

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: wavebrowser.exe PID: 4928 Parent PID: 3124 wavebrowser.exeCOMMON

Execution Graph

Execution Coverage:	3.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	603
Total number of Limit Nodes:	22

Executed Functions

Function 00007FF7DD40A060, Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 168
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE ref: 00007FF7DD40A1E0
GetLastError.KERNEL32 ref: 00007FF7DD40A248
GetLastError.KERNEL32 ref: 00007FF7DD40A25B
SetLastError.KERNEL32 ref: 00007FF7DD40A272
GetLastError.KERNEL32 ref: 00007FF7DD40A282
SetLastError.KERNEL32 ref: 00007FF7DD40A2C0

Strings

../../base/files/file_win.cc, xrefs: 00007FF7DD40A0B3
DoInitialize, xrefs: 00007FF7DD40A0AC

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorLast$CreateFile
String ID: ../../base/files/file_win.cc$DoInitialize
API String ID: 1722934493-2688016777
Opcode ID: 3caacdcde7e99c38a3eab37d141dd36826349d771c7d88d2b13bc84674a4db70
Instruction ID: 507aeb263697cccd4e7b92c79353910b25c18282321e3e4fa21bbe9e4f7d731f
Opcode Fuzzy Hash: 3caacdcde7e99c38a3eab37d141dd36826349d771c7d88d2b13bc84674a4db70
Instruction Fuzzy Hash: 1A513722B1CA5A85FB24AB15E81AB7DA6A2FF94340FC64139DE0E473D0EE7DD441C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DEA70, Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 409
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DF10F

Strings

SequenceManager, xrefs: 00007FF7DD3DF08F
snapshot, xrefs: 00007FF7DD3DF041
SequenceManager.YieldToNative, xrefs: 00007FF7DD3DF207, 00007FF7DD3DF22E
SequenceManagerImpl::SelectNextTask, xrefs: 00007FF7DD3DF154

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: SequenceManager$SequenceManager.YieldToNative$SequenceManagerImpl::SelectNextTask$snapshot
API String ID: 2882836952-1676124652
Opcode ID: 7340c877c7cec22c55e562cc82b4cc2f5abd6a2aaca3800549e2d4907f30a948
Instruction ID: 2414c63dab1a9405557e11c67027a1a7b74e4054bab2c3d27f5544d26c82126d
Opcode Fuzzy Hash: 7340c877c7cec22c55e562cc82b4cc2f5abd6a2aaca3800549e2d4907f30a948
Instruction Fuzzy Hash: 4612B52260CBC585EA65AB65E4603EEE7A0FB85784FC84237DA8E13795EF7CE045C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FB460, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 159
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileMappingW.KERNELBASE ref: 00007FF7DD3FB519
MapViewOfFile.KERNELBASE ref: 00007FF7DD3FB584
GetLastError.KERNEL32 ref: 00007FF7DD3FB657
SetLastError.KERNEL32 ref: 00007FF7DD3FB699

Strings

../../base/files/memory_mapped_file_win.cc, xrefs: 00007FF7DD3FB4B0
MapFileRegionToMemory, xrefs: 00007FF7DD3FB4A9

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorFileLast$CreateMappingView
String ID: ../../base/files/memory_mapped_file_win.cc$MapFileRegionToMemory
API String ID: 2231327692-1672964651
Opcode ID: b1ca63fc3013c83f633e30f0d366c36e4b64debb793afcfaa42a77af32e2b518
Instruction ID: 0f310fbe6d6fd56f6b111546798dcc522d0ddf0d6ef44a57a37c75a89541f6dd
Opcode Fuzzy Hash: b1ca63fc3013c83f633e30f0d366c36e4b64debb793afcfaa42a77af32e2b518
Instruction Fuzzy Hash: D051DE61A0DA5AC2EA20AB25A9457FEF3A5FF94B80FC5003ADE4D47791FE3CE0418350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD401300, Relevance: 26.6, APIs: 8, Strings: 7, Instructions: 314
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE ref: 00007FF7DD4014DF
GetLastError.KERNEL32 ref: 00007FF7DD4014EE
DeleteFileW.KERNEL32 ref: 00007FF7DD401603
RemoveDirectoryW.KERNEL32 ref: 00007FF7DD40166F
GetFileAttributesW.KERNEL32 ref: 00007FF7DD401684
SetLastError.KERNEL32 ref: 00007FF7DD401723
SetFileAttributesW.KERNEL32 ref: 00007FF7DD4017A4

Strings

DeleteFileAndRecordMetrics, xrefs: 00007FF7DD4013BE
DoDeleteFile, xrefs: 00007FF7DD401408
Windows.PostOperationState., xrefs: 00007FF7DD401539
DeleteFile.NonRecursive, xrefs: 00007FF7DD40138A
DeleteFile.Recursive, xrefs: 00007FF7DD401383
../../base/files/file_util_win.cc, xrefs: 00007FF7DD4013C5
Windows.FilesystemError., xrefs: 00007FF7DD4016C1

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: File$Attributes$ErrorLast$DeleteDirectoryRemove
String ID: ../../base/files/file_util_win.cc$DeleteFile.NonRecursive$DeleteFile.Recursive$DeleteFileAndRecordMetrics$DoDeleteFile$Windows.FilesystemError.$Windows.PostOperationState.
API String ID: 1056033459-1974471093
Opcode ID: b5620de646cb1609f30dbff2da86c19e3cdb3007e942509e34d43fa1b14d6671
Instruction ID: 7f86e9a17479b743f2aa427e66e0edd5017e384ead9ae1f26d7102d9d011bb5e
Opcode Fuzzy Hash: b5620de646cb1609f30dbff2da86c19e3cdb3007e942509e34d43fa1b14d6671
Instruction Fuzzy Hash: D1D1B621A0C69681FA21AB25E8443FEE3A1BF90794FC40136DE9E577D9FE3DE5468310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD416D10, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 80
threadlibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7DD416E70: GetCurrentThreadId.KERNEL32 ref: 00007FF7DD416E95
Part of subcall function 00007FF7DD416E70: TryAcquireSRWLockExclusive.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000000,00007FF7DD416D30), ref: 00007FF7DD416EA0

GetCurrentThread.KERNEL32 ref: 00007FF7DD416D90
SetThreadDescription.KERNELBASE ref: 00007FF7DD416D9C
IsDebuggerPresent.KERNEL32 ref: 00007FF7DD416DAD
_Init_thread_header.LIBCMT ref: 00007FF7DD416DC7
GetModuleHandleW.KERNEL32 ref: 00007FF7DD416DE0
GetProcAddress.KERNEL32 ref: 00007FF7DD416DF0
_Init_thread_footer.LIBCMT ref: 00007FF7DD416E04
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD416E17
RaiseException.KERNEL32 ref: 00007FF7DD416E52

Strings

SetThreadDescription, xrefs: 00007FF7DD416DE6
Kernel32.dll, xrefs: 00007FF7DD416DD9

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Thread$Current$AcquireAddressDebuggerDescriptionExceptionExclusiveHandleInit_thread_footerInit_thread_headerLockModulePresentProcRaise
String ID: Kernel32.dll$SetThreadDescription
API String ID: 2770420102-1724334159
Opcode ID: ccb18a5900143d8bbc01b878bb4747408867cdb79fd245826ff66d6c8b7388d2
Instruction ID: 8c642f288fee401e955e428d14c1770614a42f717932d81461f82b25f1fa4710
Opcode Fuzzy Hash: ccb18a5900143d8bbc01b878bb4747408867cdb79fd245826ff66d6c8b7388d2
Instruction Fuzzy Hash: 2A316172A0C6969AFB10AB21E9106BDA3B1BB44B90FD44036DE0E466A4EF3CE545C331

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD4012A0, Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE ref: 00007FF7DD4014DF
GetLastError.KERNEL32 ref: 00007FF7DD4014EE

Strings

DeleteFileAndRecordMetrics, xrefs: 00007FF7DD4013BE
DoDeleteFile, xrefs: 00007FF7DD401408
Windows.PostOperationState., xrefs: 00007FF7DD401539
DeleteFile.NonRecursive, xrefs: 00007FF7DD40138A
DeleteFile.Recursive, xrefs: 00007FF7DD401383
../../base/files/file_util_win.cc, xrefs: 00007FF7DD4013C5

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: ../../base/files/file_util_win.cc$DeleteFile.NonRecursive$DeleteFile.Recursive$DeleteFileAndRecordMetrics$DoDeleteFile$Windows.PostOperationState.
API String ID: 1799206407-3862061102
Opcode ID: 475f2f4da3ff00eaf3d878a662175bb69cfaf28da16b9bca2e8f77e81a4d743b
Instruction ID: 281ff6a69916c1d77c36fc9a08cf472e8eed64395a5b00715d213278c1220990
Opcode Fuzzy Hash: 475f2f4da3ff00eaf3d878a662175bb69cfaf28da16b9bca2e8f77e81a4d743b
Instruction Fuzzy Hash: 7361D621A0CAD691EB21AB25E8013FEE3A1FF90794FC40236DE9D53799EE3CD5468310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E67C0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 105
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE ref: 00007FF7DD3E6838
GetLastError.KERNEL32 ref: 00007FF7DD3E6871
CloseHandle.KERNEL32 ref: 00007FF7DD3E689F
_Init_thread_header.LIBCMT ref: 00007FF7DD3E691D
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E694A

Strings

create_thread_last_error, xrefs: 00007FF7DD3E692B

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CloseCreateErrorHandleInit_thread_footerInit_thread_headerLastThread
String ID: create_thread_last_error
API String ID: 1016829980-3219933969
Opcode ID: a19266fa2154f701abeb9b3fc6c3617d305f32158c5ca3a56a09e95919d49c98
Instruction ID: 7f529649e8ebb288587752301269f195cf55c64b14616b26780cf56c1789c062
Opcode Fuzzy Hash: a19266fa2154f701abeb9b3fc6c3617d305f32158c5ca3a56a09e95919d49c98
Instruction Fuzzy Hash: 8E417A21A0D65686FA10BB51E8506BDE7A1BB88B90FC44A3BED4F476D1EE3CF4558320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FBBF0, Relevance: 10.6, APIs: 7, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3FBC59
GetVersionExW.KERNEL32 ref: 00007FF7DD3FBC8B
GetProductInfo.KERNEL32 ref: 00007FF7DD3FBCAD
_Init_thread_footer.LIBCMT ref: 00007FF7DD3FBD08
_Init_thread_header.LIBCMT ref: 00007FF7DD3FBD19

Part of subcall function 00007FF7DD51EFE0: EnterCriticalSection.KERNEL32(?,?,00000062,00007FF7DD3EC6D0), ref: 00007FF7DD51EFF0

GetNativeSystemInfo.KERNELBASE ref: 00007FF7DD3FBD3D
_Init_thread_footer.LIBCMT ref: 00007FF7DD3FBD6A

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: InfoInit_thread_footerInit_thread_header$CriticalEnterNativeProductSectionSystemVersion
String ID:
API String ID: 2554706446-0
Opcode ID: 9760a81509e627548a39c1db74879208bc4fad7b3b20c05c8a2f0dbc3ffc30b6
Instruction ID: 0c06af1dd807a13c2c059f649d9ca0053f7cea0bb250e6729015c4ad3985d907
Opcode Fuzzy Hash: 9760a81509e627548a39c1db74879208bc4fad7b3b20c05c8a2f0dbc3ffc30b6
Instruction Fuzzy Hash: D2416F75A1CA5A95F610EB24E990ABDB360BF94754FC05132DE4F03AA4EF3CB586C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FBE00, Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 292
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7DD3FBE4C
IsWow64Process.KERNEL32 ref: 00007FF7DD3FBE62

Part of subcall function 00007FF7DD3FC3B0: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,00000000,00007FF7DD3FBEEB), ref: 00007FF7DD3FC3E6

Part of subcall function 00007FF7DD3FC430: RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00000000,00007FF7DD3FBF0F), ref: 00007FF7DD3FC477

Part of subcall function 00007FF7DD3FC4C0: RegQueryValueExW.KERNELBASE(?,?,00000000,?,00007FF7DD3FBF29), ref: 00007FF7DD3FC52F

Part of subcall function 00007FF7DD3FC360: RegCloseKey.KERNELBASE(?,?,00000000,00007FF7DD3FBF89), ref: 00007FF7DD3FC370

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00007FF7DD3FBECF
UBR, xrefs: 00007FF7DD3FBEF3
ReleaseId, xrefs: 00007FF7DD3FBF0F

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ProcessQueryValue$CloseCurrentOpenWow64
String ID: ReleaseId$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR
API String ID: 1114400673-4060060583
Opcode ID: 87082b2ce5035993e76724328a37260cf49258dd5109ac12af1c98a8c7f93684
Instruction ID: 497a5f4f142aae7a3220b3f9a572e6b2cc0e9dc6fb6544f495807a6573550267
Opcode Fuzzy Hash: 87082b2ce5035993e76724328a37260cf49258dd5109ac12af1c98a8c7f93684
Instruction Fuzzy Hash: E5D16172A0C68AC6EB649B29D8543BEE7A0FB44744FC4413ADB8E42690EF7CE495C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD40BD30, Relevance: 7.7, APIs: 5, Instructions: 156
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD40BD4F
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD40BE38
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD40BE4D
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD40BE99
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD40BEAE

Part of subcall function 00007FF7DD51EF94: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7DD51EFC4

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$Concurrency::cancel_current_taskCurrentThread
String ID:
API String ID: 387503476-0
Opcode ID: 1d44b1b9f6db6d2cd65eb0dcfee3c6858577ea75d6bce6198c2150951e093c08
Instruction ID: 2d63af9828da1929796aab5b199bb75b983da9b7b4c6a7cfc3859f0832424746
Opcode Fuzzy Hash: 1d44b1b9f6db6d2cd65eb0dcfee3c6858577ea75d6bce6198c2150951e093c08
Instruction Fuzzy Hash: BB517F32A0C68582EA20BB25E45437DA7A1BF95B94FC44132EF9E57791EF3CE045C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD40BF80, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 172
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD40C57C
_Init_thread_footer.LIBCMT ref: 00007FF7DD40C5AE

Strings

Run, xrefs: 00007FF7DD40C710
../../base/run_loop.cc, xrefs: 00007FF7DD40C717

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: ../../base/run_loop.cc$Run
API String ID: 4092853384-3948912905
Opcode ID: 8178aad64e06fbbaa71f2a1104fa0631c32dc6953c3abef24335c5773c22da08
Instruction ID: 35ed57945b21f0cc37709b5cf050761b67e1bc61b58e99982b55d83f22e77295
Opcode Fuzzy Hash: 8178aad64e06fbbaa71f2a1104fa0631c32dc6953c3abef24335c5773c22da08
Instruction Fuzzy Hash: 5C715A26A0CA46C1EA00FB25E8112BEE364BB45B94FC44137EE4E47396FE7CE145C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DE860, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DE945
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DEA05

Strings

task_type, xrefs: 00007FF7DD3DE97B

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: task_type
API String ID: 2882836952-4285383506
Opcode ID: c8b21fddea9571fdb03d68929ce90d25b0519b8a131a03a31ef4d8d91240370b
Instruction ID: fcfaaf9a3e5019209e674be620e81ce5a9f801e8aaafb93912faf8a449570bf3
Opcode Fuzzy Hash: c8b21fddea9571fdb03d68929ce90d25b0519b8a131a03a31ef4d8d91240370b
Instruction Fuzzy Hash: 0351C332A0C68585E750AF69A4507ADEBA0FB84794FD85236EE9E03B95EF3CE054C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD42E650, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE ref: 00007FF7DD42E6C9

Strings

PathExists, xrefs: 00007FF7DD42E68E
../../base/files/file_util_win.cc, xrefs: 00007FF7DD42E695

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AttributesFile
String ID: ../../base/files/file_util_win.cc$PathExists
API String ID: 3188754299-1196770437
Opcode ID: dcddf2058db73dbfd3b706b34a6b94e8597d2eaf737e07a003bd8c7d10271b8d
Instruction ID: cbb9f9e0b09f40f7d3e392933bd869da4b6415562be3a7c6550232125e297c47
Opcode Fuzzy Hash: dcddf2058db73dbfd3b706b34a6b94e8597d2eaf737e07a003bd8c7d10271b8d
Instruction Fuzzy Hash: 8411A321A1C69A92FA216B39A5017FDA370AF957A4FC81132ED4D03B50FE3DE5978350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FC4C0, Relevance: 3.1, APIs: 2, Instructions: 70
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,?,00000000,?,00007FF7DD3FBF29), ref: 00007FF7DD3FC52F
ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7DD3FC5A2

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: EnvironmentExpandQueryStringsValue
String ID:
API String ID: 1756134249-0
Opcode ID: 7ce9edd5ffc5dfbc8caa1b8e7ca612dcdc13b94878c74c0730f6a5e338cd3a1a
Instruction ID: ea49baff91700d120b5452f81dc183d748a10c1efa913b30fab0d6ffc8a83303
Opcode Fuzzy Hash: 7ce9edd5ffc5dfbc8caa1b8e7ca612dcdc13b94878c74c0730f6a5e338cd3a1a
Instruction Fuzzy Hash: 0821A861B1C59581FB60AB26E8906EEE754FB847D0FD04037EE4E83B84EE3CD4498B60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD40633F, Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7DD51EF94: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7DD51EFC4

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD4063C0

Part of subcall function 00007FF7DD3E67C0: CreateThread.KERNELBASE ref: 00007FF7DD3E6838

ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD4063F2

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireConcurrency::cancel_current_taskCreateReleaseThread
String ID:
API String ID: 1279789067-0
Opcode ID: 25ce8e76a093bf329ffb4fd32d11a497d6f66de08c84cc56723f07c5fb7a1740
Instruction ID: 3a60344ea9352cd39636a694218914d6674676a01e2b8cfe25fe9697ecaaaf0b
Opcode Fuzzy Hash: 25ce8e76a093bf329ffb4fd32d11a497d6f66de08c84cc56723f07c5fb7a1740
Instruction Fuzzy Hash: 7A218D2260D68587EA51EB11E4517BEA7A5EB88B94FC40037DE8E17782EF3CE409C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD409C90, Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF7DD409D14

Strings

File::Initialize, xrefs: 00007FF7DD409D31

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorLast
String ID: File::Initialize
API String ID: 1452528299-1357756759
Opcode ID: 6042374f12a81cbe7c949ea7c51c1ed3e40b8af82f7120fd334154853ebea25b
Instruction ID: 662fc7f5cc96d9df6bb4b71a80bcd08c0b81182b0b2c6dbc941e1e771bb5bbf3
Opcode Fuzzy Hash: 6042374f12a81cbe7c949ea7c51c1ed3e40b8af82f7120fd334154853ebea25b
Instruction Fuzzy Hash: D4118E51A1C68B80FF60BB21B5121BDD350AF947D4FC85132EE8E136A2FE2CE0468720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD40650F, Relevance: 3.0, APIs: 2, Instructions: 45COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD4063C0
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD4063F2

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: 7e5b3f438d3ce45565c1e78bc6a4936a91835c0eb33a0e1cc9a87a78669fd487
Instruction ID: f9f1b90a7506c25e07bf9c7aa27dda82fadcbc190d84f1c591aed8bb9383fffb
Opcode Fuzzy Hash: 7e5b3f438d3ce45565c1e78bc6a4936a91835c0eb33a0e1cc9a87a78669fd487
Instruction Fuzzy Hash: 2801822660D58587E6A1EB11E0516BEA369AF44B60FC41036CF8F27781EF3CE046C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FC3B0, Relevance: 3.0, APIs: 2, Instructions: 37registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,00000000,00007FF7DD3FBEEB), ref: 00007FF7DD3FC3E6
RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000,00007FF7DD3FBEEB), ref: 00007FF7DD3FC422

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CloseOpen
String ID:
API String ID: 47109696-0
Opcode ID: f66a186caddb0c045ece783deb9b3e035680ee3cef1c66a4c5b89fc000bc5640
Instruction ID: 77a412c57d6c06533efafaa561b8802af83b1fa70b2ca799a23662a2d53b56bc
Opcode Fuzzy Hash: f66a186caddb0c045ece783deb9b3e035680ee3cef1c66a4c5b89fc000bc5640
Instruction Fuzzy Hash: E601A222A6EA5581FB519F15E99177EA3A4EB847E0F845032EE4F47B10EE3CD4508710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FC430, Relevance: 1.5, APIs: 1, Instructions: 41registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00000000,00007FF7DD3FBF0F), ref: 00007FF7DD3FC477

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 6f4f6532d7fc801cecaf7926ca0465425f51fb5bb382d2069ec9fbb1da2adec6
Instruction ID: dfac1fa8bb2ad9889555f5ea8f1b63b3fb66d4064c0776f095480db7683c9721
Opcode Fuzzy Hash: 6f4f6532d7fc801cecaf7926ca0465425f51fb5bb382d2069ec9fbb1da2adec6
Instruction Fuzzy Hash: 8101AD32618645C6E7519F28E88026EF3A4EB847A0F945032EA8E83B54EE3CD8008B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E86F0, Relevance: 1.5, APIs: 1, Instructions: 26memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000318,?,?,00007FF7DD51EFB3,?,?,?,00007FF7DD3D13B2,?,?,?,00007FF7DD3D1298), ref: 00007FF7DD3E870A

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e8dd1281c0960b0203101ac5dec9e439b2352e7326a5c791374b8b090f7a55bb
Instruction ID: 650a1a379d76416644a09cc1b07808c15ddefbbf4f17c4b4904d1e6315f63b61
Opcode Fuzzy Hash: e8dd1281c0960b0203101ac5dec9e439b2352e7326a5c791374b8b090f7a55bb
Instruction Fuzzy Hash: 8DE06D15E0C27582FE6567166A0067EC6804F99FE4ED85136CD5D02BC1BD2CA4826A20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD51EF94, Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DD3E86F0: RtlAllocateHeap.NTDLL(00000318,?,?,00007FF7DD51EFB3,?,?,?,00007FF7DD3D13B2,?,?,?,00007FF7DD3D1298), ref: 00007FF7DD3E870A

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7DD51EFC4

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AllocateConcurrency::cancel_current_taskHeap
String ID:
API String ID: 333155141-0
Opcode ID: 9058a0fa0175ce80cacc03f0af2fc47cb033d11c1964f8514bf8ae7b30eff2f0
Instruction ID: 13ea5f303f42bd54f30f70ce8fef7392d127fe929365a9af458b1e08150c9425
Opcode Fuzzy Hash: 9058a0fa0175ce80cacc03f0af2fc47cb033d11c1964f8514bf8ae7b30eff2f0
Instruction Fuzzy Hash: 1BE0B600E2D14F81FD283AA114564BDD4440F59370EEC1B36ED3F692C2BD2CA4A94170

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FC360, Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNELBASE(?,?,00000000,00007FF7DD3FBF89), ref: 00007FF7DD3FC370

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 08753ffdae15352fe3e5036fbf7c1b6256ee87d894a2fee4f933ea24982d0233
Instruction ID: ab10879f4eb2c7bcde682e27ded5d8a110be5544965f9d56f38f74c0a15c3b1f
Opcode Fuzzy Hash: 08753ffdae15352fe3e5036fbf7c1b6256ee87d894a2fee4f933ea24982d0233
Instruction Fuzzy Hash: 45E06D76A0AB09C2FF259B66F0903A9A260EB48B44F948032CB5E07B90EF7DD4818300

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF7DD40D740, Relevance: 21.4, APIs: 8, Strings: 4, Instructions: 407COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD40D7AD
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD40D8BB
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD40D94F
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD40D9AB
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD40D9D4
_Init_thread_header.LIBCMT ref: 00007FF7DD40DAB3
_Init_thread_footer.LIBCMT ref: 00007FF7DD40DB15

Strings

33333333, xrefs: 00007FF7DD40D7CC
GetCurrentDirectoryW, xrefs: 00007FF7DD42C3A0
UUUUUUUU, xrefs: 00007FF7DD40D7C2
../../base/files/file_util_win.cc, xrefs: 00007FF7DD42C3A7

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$Release$Acquire$Init_thread_footerInit_thread_header
String ID: ../../base/files/file_util_win.cc$33333333$GetCurrentDirectoryW$UUUUUUUU
API String ID: 2163625389-528848658
Opcode ID: 9fd8c6b280c106c6b81c2dabf0fba40c85a101da8f1c75b4b7accdff32db598b
Instruction ID: 8ae973a38bd360589c706979fe7af9fb14950de138da4b3ed206e300a5067ed3
Opcode Fuzzy Hash: 9fd8c6b280c106c6b81c2dabf0fba40c85a101da8f1c75b4b7accdff32db598b
Instruction Fuzzy Hash: 4CF17222B1C64682EE14AB15D4503BEE361BF94B94FC84137EE8E17B95EF3CE54A8710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E87A0, Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 402threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DD3DA9F0: GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DAA46

Part of subcall function 00007FF7DD3DB1D0: TlsGetValue.KERNEL32 ref: 00007FF7DD3DB1E2

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E88CF
_Init_thread_header.LIBCMT ref: 00007FF7DD3E8BD8
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E8C09
_Init_thread_header.LIBCMT ref: 00007FF7DD3E8C4E
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E8C7F

Strings

ThreadController::Suspended, xrefs: 00007FF7DD3E87A9
../../base/trace_event/trace_log.cc, xrefs: 00007FF7DD3E8CF4

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentInit_thread_footerInit_thread_headerThread$Value
String ID: ../../base/trace_event/trace_log.cc$ThreadController::Suspended
API String ID: 1297581222-2367873125
Opcode ID: ecc91a0830d0728d25b64e5901855c3d27a8b98abf43d7d757c7c00da17e2a99
Instruction ID: e25929a76f55cd256c3d7f8ed13c141d4ddb5077fc0e42ec7a3c1af27af5b6f9
Opcode Fuzzy Hash: ecc91a0830d0728d25b64e5901855c3d27a8b98abf43d7d757c7c00da17e2a99
Instruction Fuzzy Hash: 71123E32A0DAC5C6E665AB15E4403AEF7A0FB99794FC44236DE9D43795EF3CE0418B20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD5369D0, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 328fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF7DD536A3F
WriteFile.KERNEL32 ref: 00007FF7DD536CF6
WriteFile.KERNEL32 ref: 00007FF7DD536D48
GetLastError.KERNEL32 ref: 00007FF7DD536E4A
GetLastError.KERNEL32 ref: 00007FF7DD536EAA

Strings

MZx, xrefs: 00007FF7DD536A0B, 00007FF7DD536AAA, 00007FF7DD536B52, 00007FF7DD536C1A, 00007FF7DD536D94, 00007FF7DD536E1E

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorFileLastWrite$ConsoleOutput
String ID: MZx
API String ID: 1443284424-2575928145
Opcode ID: 8a860757fd3e21eabc79faa7ccf6e34d2bf08f84774a7b84ea60bec0f007be46
Instruction ID: 8134e522cd39e4721b3843f660ff8437465059bdce93b4cb38e38b8ef415eebf
Opcode Fuzzy Hash: 8a860757fd3e21eabc79faa7ccf6e34d2bf08f84774a7b84ea60bec0f007be46
Instruction Fuzzy Hash: FDE1F022B1CA899AE701DF64D4401ADBBB1FB45788FC4813BDE4E57B98EE78D41AC710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD416E70, Relevance: 9.3, APIs: 6, Instructions: 333threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD416E95
TryAcquireSRWLockExclusive.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000000,00007FF7DD416D30), ref: 00007FF7DD416EA0
ReleaseSRWLockExclusive.KERNEL32(?,?,00000000,?,?,?,?,?,?,00000000,00007FF7DD416D30), ref: 00007FF7DD4171AF

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread
String ID:
API String ID: 135963836-0
Opcode ID: e83085ba7b5376c95e70ad367d78ddf993acde2de56678ddf3e6670e54c90a9d
Instruction ID: efd723975df0582e31510e03c744477bce850b484cc576e63618a45996fc77db
Opcode Fuzzy Hash: e83085ba7b5376c95e70ad367d78ddf993acde2de56678ddf3e6670e54c90a9d
Instruction Fuzzy Hash: 90E1AA22B0DA96C5EE10AF12D45427DA3A5FB58F84BE88136DE4E47794EF38E495C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD532534, Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF7DD5325AD
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7DD5325C5
RtlVirtualUnwind.KERNEL32 ref: 00007FF7DD532600
IsDebuggerPresent.KERNEL32 ref: 00007FF7DD532639
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7DD532643
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7DD53264E

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 3ea562e2f8e7a4318af99a092c1169bc9dda556f248615854f2b11d062294bb1
Instruction ID: 0ede1efe9dcfdd2833cca7c8a0ce6f9256e7ba6b5fa1c06a8744bee952612a05
Opcode Fuzzy Hash: 3ea562e2f8e7a4318af99a092c1169bc9dda556f248615854f2b11d062294bb1
Instruction Fuzzy Hash: 15317F36608F8585DB609B25E8406AEB3A4FB88754FD40136EE9E43B58EF38C159CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3ECDC0, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3ECFA0
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3ED044

Strings

MessagePumpForUI::WaitForWork PeekMessage, xrefs: 00007FF7DD3ED09F, 00007FF7DD3ED0E2
MessagePumpForUI::WaitForWork GetQueueStatus, xrefs: 00007FF7DD3ECFED, 00007FF7DD3ED022

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: MessagePumpForUI::WaitForWork GetQueueStatus$MessagePumpForUI::WaitForWork PeekMessage
API String ID: 2882836952-3056387654
Opcode ID: efcd120020928fb2f9748679d09c33d511815909317ccfe57d198f94718f2f5a
Instruction ID: 43151a76a202b81cb6193d7b03f30b5521341770d7b73ef81885bb1793b95603
Opcode Fuzzy Hash: efcd120020928fb2f9748679d09c33d511815909317ccfe57d198f94718f2f5a
Instruction Fuzzy Hash: 6BA1517261C68685E720AB29E4113AEF7E0FB89754FC4523AEA9D43795EF3CE045CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F01A2, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 184COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3F01D9

Strings

33333333, xrefs: 00007FF7DD3F02FE
UUUUUUUU, xrefs: 00007FF7DD3F02EB

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AcquireExclusiveLock
String ID: 33333333$UUUUUUUU
API String ID: 4021432409-3483174168
Opcode ID: 7a6ca96141da4f78a26eb42963c7a7724b7f1ebb8bc9c9b6e1cc4ee59a66581a
Instruction ID: a5b3a572a2e2ab7eb8df491ee3633a05a1cb97694d25b9168b8960dca9011588
Opcode Fuzzy Hash: 7a6ca96141da4f78a26eb42963c7a7724b7f1ebb8bc9c9b6e1cc4ee59a66581a
Instruction Fuzzy Hash: C7619152F8E95AC1EE24A7259A143BDD252BB55BE1FCC8037CD5D07B99FE3CE1818220

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD428670, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 82windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32 ref: 00007FF7DD4286CE
GetLastError.KERNEL32 ref: 00007FF7DD428784

Strings

Error (0x%lX) while retrieving error. (0x%lX), xrefs: 00007FF7DD42878A
(0x%lX), xrefs: 00007FF7DD4286DC

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID: (0x%lX)$Error (0x%lX) while retrieving error. (0x%lX)
API String ID: 3479602957-3206765257
Opcode ID: a63a597e0eaf369be1afc3e0fef048d1b526596184d86a1b5cba63cde0cecc69
Instruction ID: bad209734219056e576ff7eb1e87c2ea112a607108776a95448e1f23dce98ac6
Opcode Fuzzy Hash: a63a597e0eaf369be1afc3e0fef048d1b526596184d86a1b5cba63cde0cecc69
Instruction Fuzzy Hash: 90319025A0C75681EB51AB22E8007BEEB50BBC8BC0FC45132EE8E43B55EF7CE0459750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3ECAF0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 159threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3ECC00

Part of subcall function 00007FF7DD3DA380: GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DA3C7

Strings

MessagePumpForUI::ProcessNextWindowsMessage GetQueueStatus, xrefs: 00007FF7DD3ECC46
MessagePumpForUI::ProcessNextWindowsMessage PeekMessage, xrefs: 00007FF7DD3ECCB2

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: MessagePumpForUI::ProcessNextWindowsMessage GetQueueStatus$MessagePumpForUI::ProcessNextWindowsMessage PeekMessage
API String ID: 2882836952-1151399461
Opcode ID: babb6a7ea38b3ddcd5fbd4a2004ee229f3c6fe8ae1399d3e1b47d303b89f6fb8
Instruction ID: 910be48c585fdd9f2d4e59abe55f1abc0c1124f759e139f647297aff944402ac
Opcode Fuzzy Hash: babb6a7ea38b3ddcd5fbd4a2004ee229f3c6fe8ae1399d3e1b47d303b89f6fb8
Instruction Fuzzy Hash: 43618231A1C69685E620AB25E8113FEE7A0BF99784FC45236EE8D03795EF3CE145C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD45D940, Relevance: 40.5, APIs: 2, Strings: 21, Instructions: 294COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD45D978
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD45D9F1

Strings

delayed_incoming_queue, xrefs: 00007FF7DD45DE48
unregistered, xrefs: 00007FF7DD45D9C9
priority, xrefs: 00007FF7DD45DD7A
delay_to_next_task_ms, xrefs: 00007FF7DD45DCB7
delayed_work_queue_capacity, xrefs: 00007FF7DD45DC1F
immediate_incoming_queue, xrefs: 00007FF7DD45DDB9
delayed_fence_seconds_from_now, xrefs: 00007FF7DD45DD27
task_queue_id, xrefs: 00007FF7DD45DA35
immediate_work_queue, xrefs: 00007FF7DD45DE1B
delayed_work_queue_size, xrefs: 00007FF7DD45DB5E
current_fence, xrefs: 00007FF7DD45DCE8
delayed_incoming_queue_size, xrefs: 00007FF7DD45DB04
0x%llx, xrefs: 00007FF7DD45DA1E
time_domain_name, xrefs: 00007FF7DD45DAA0
immediate_work_queue_capacity, xrefs: 00007FF7DD45DBDF
immediate_work_queue_size, xrefs: 00007FF7DD45DB31
enabled, xrefs: 00007FF7DD45DA71
name, xrefs: 00007FF7DD45D9A1
delayed_work_queue, xrefs: 00007FF7DD45DDEA
any_thread_.immediate_incoming_queuesize, xrefs: 00007FF7DD45DAC9
any_thread_.immediate_incoming_queuecapacity, xrefs: 00007FF7DD45DBA0

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: 0x%llx$any_thread_.immediate_incoming_queuecapacity$any_thread_.immediate_incoming_queuesize$current_fence$delay_to_next_task_ms$delayed_fence_seconds_from_now$delayed_incoming_queue$delayed_incoming_queue_size$delayed_work_queue$delayed_work_queue_capacity$delayed_work_queue_size$enabled$immediate_incoming_queue$immediate_work_queue$immediate_work_queue_capacity$immediate_work_queue_size$name$priority$task_queue_id$time_domain_name$unregistered
API String ID: 17069307-2174853566
Opcode ID: f120018444aa25a9c5b3d999b964c96b24bd52b841ea6cf0629c57ab3d7d9949
Instruction ID: 516ba54eb1b576359d1f486d1dd952193a900c888871e0b549d5f2fcf8802e18
Opcode Fuzzy Hash: f120018444aa25a9c5b3d999b964c96b24bd52b841ea6cf0629c57ab3d7d9949
Instruction Fuzzy Hash: FDE1076260CB8A94EB50AF15E4543ADB364FB89B88FC48036DE4E07755EF7DD189C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD544234, Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF7DD54424F
try_get_function.LIBVCRUNTIME ref: 00007FF7DD54426E

Part of subcall function 00007FF7DD544390: GetProcAddress.KERNEL32(?,?,00000005,00007FF7DD543CEA,?,?,?,00007FF7DD54354A,?,?,?,00007FF7DD51F269), ref: 00007FF7DD5444E8

try_get_function.LIBVCRUNTIME ref: 00007FF7DD54428D

Part of subcall function 00007FF7DD544390: LoadLibraryExW.KERNEL32(?,?,00000005,00007FF7DD543CEA,?,?,?,00007FF7DD54354A,?,?,?,00007FF7DD51F269), ref: 00007FF7DD544433
Part of subcall function 00007FF7DD544390: GetLastError.KERNEL32(?,?,?,00007FF7DD54354A,?,?,?,00007FF7DD51F269,?,?,?,?,00007FF7DD5429D6,?,?,00000000), ref: 00007FF7DD544441
Part of subcall function 00007FF7DD544390: LoadLibraryExW.KERNEL32(?,?,?,00007FF7DD54354A,?,?,?,00007FF7DD51F269,?,?,?,?,00007FF7DD5429D6,?,?,00000000), ref: 00007FF7DD544483

try_get_function.LIBVCRUNTIME ref: 00007FF7DD5442AC

Part of subcall function 00007FF7DD544390: FreeLibrary.KERNEL32(?,?,?,00007FF7DD54354A,?,?,?,00007FF7DD51F269,?,?,?,?,00007FF7DD5429D6,?,?,00000000), ref: 00007FF7DD5444BC

try_get_function.LIBVCRUNTIME ref: 00007FF7DD5442CB
try_get_function.LIBVCRUNTIME ref: 00007FF7DD5442EA
try_get_function.LIBVCRUNTIME ref: 00007FF7DD544309
try_get_function.LIBVCRUNTIME ref: 00007FF7DD544328
try_get_function.LIBVCRUNTIME ref: 00007FF7DD544347
try_get_function.LIBVCRUNTIME ref: 00007FF7DD544366

Strings

GetUserDefaultLocaleName, xrefs: 00007FF7DD5442EF, 00007FF7DD544302
EnumSystemLocalesEx, xrefs: 00007FF7DD544273, 00007FF7DD544286
LCIDToLocaleName, xrefs: 00007FF7DD54434C, 00007FF7DD54435F
CompareStringEx, xrefs: 00007FF7DD544267
LCMapStringEx, xrefs: 00007FF7DD544340
IsValidLocaleName, xrefs: 00007FF7DD54430E, 00007FF7DD544321
AreFileApisANSI, xrefs: 00007FF7DD544248
LocaleNameToLCID, xrefs: 00007FF7DD54436B, 00007FF7DD54437E
GetTimeFormatEx, xrefs: 00007FF7DD5442D0, 00007FF7DD5442E3
GetDateFormatEx, xrefs: 00007FF7DD544292, 00007FF7DD5442A5
GetLocaleInfoEx, xrefs: 00007FF7DD5442C4

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
API String ID: 3255926029-3252031757
Opcode ID: f83c9ce4c80e8a4b52c03f58ea9f84798ef6b9b10d27f24e1776d122edcfa0f4
Instruction ID: 0c534558337524e50b574dbaa9af952a4b0260c17d279c26f712038e0cd7f4ac
Opcode Fuzzy Hash: f83c9ce4c80e8a4b52c03f58ea9f84798ef6b9b10d27f24e1776d122edcfa0f4
Instruction Fuzzy Hash: 47315E7491CA4FA1EB44FB50E8616FCA325AB04746FD04033DD0F061A7EE7CA689C362

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D89D0, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 117threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00007FF7DD3D8A2E
GetThreadPriority.KERNEL32 ref: 00007FF7DD3D8A33
GetCurrentThread.KERNEL32 ref: 00007FF7DD3D8A3B
SetThreadPriority.KERNEL32 ref: 00007FF7DD3D8A45
QueryPerformanceCounter.KERNEL32 ref: 00007FF7DD3D8AAA
GetCurrentThread.KERNEL32 ref: 00007FF7DD3D8AB3
SetThreadPriority.KERNEL32 ref: 00007FF7DD3D8ABE
QueryPerformanceFrequency.KERNEL32 ref: 00007FF7DD3D8ACF
_Init_thread_header.LIBCMT ref: 00007FF7DD3D8B66
_Init_thread_footer.LIBCMT ref: 00007FF7DD3D8B8F
_Init_thread_header.LIBCMT ref: 00007FF7DD3D8BA0
QueryPerformanceCounter.KERNEL32 ref: 00007FF7DD3D8BC1
_Init_thread_footer.LIBCMT ref: 00007FF7DD3D8BD8

Strings

ThreadController::Suspended, xrefs: 00007FF7DD3D89D5

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Thread$CurrentPerformancePriorityQuery$CounterInit_thread_footerInit_thread_header$Frequency
String ID: ThreadController::Suspended
API String ID: 521408450-805077164
Opcode ID: e6ff1d6724994a36753450347ca56ec8e7f8eddf14eb61fe2da00d67f8dc330e
Instruction ID: 5ef128903bb97a6244434aebbf95d23b5292335a8db28bfc09f9586a32f5ecb8
Opcode Fuzzy Hash: e6ff1d6724994a36753450347ca56ec8e7f8eddf14eb61fe2da00d67f8dc330e
Instruction Fuzzy Hash: 8551CB21A0CA5A8AE612AB34E951A3DE365BF44791FC55333DD0F126A1EF3CB186C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FE4C0, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 133libraryloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7DD3FE582
DuplicateHandle.KERNEL32 ref: 00007FF7DD3FE5B3
CloseHandle.KERNEL32 ref: 00007FF7DD3FE5C4
GetLastError.KERNEL32 ref: 00007FF7DD3FE606
SetLastError.KERNEL32 ref: 00007FF7DD3FE61A
_Init_thread_header.LIBCMT ref: 00007FF7DD3FE66E
GetModuleHandleW.KERNEL32 ref: 00007FF7DD3FE687
GetProcAddress.KERNEL32 ref: 00007FF7DD3FE697
_Init_thread_footer.LIBCMT ref: 00007FF7DD3FE6AB
GetLastError.KERNEL32 ref: 00007FF7DD3FE6C5

Strings

NtQuerySection, xrefs: 00007FF7DD3FE68D
ntdll.dll, xrefs: 00007FF7DD3FE680

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorHandleLast$AddressCloseCurrentDuplicateInit_thread_footerInit_thread_headerModuleProcProcess
String ID: NtQuerySection$ntdll.dll
API String ID: 4290514288-111412263
Opcode ID: 0c5ce8e10bac66c720e3d24ad3709642d252c4d7bd6a2228b37a9daedc89962c
Instruction ID: b740a18df6dd82f7accab3a129967367f4818035381bbce2b580c2b3dfd024af
Opcode Fuzzy Hash: 0c5ce8e10bac66c720e3d24ad3709642d252c4d7bd6a2228b37a9daedc89962c
Instruction Fuzzy Hash: 26519171A0CA5A85EA10BF65E8506BDE3A1BF487A0FC4113AEE5E17794FF3CE5408720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E7CF0, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 236COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3E7D68
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E7D9C
_Init_thread_header.LIBCMT ref: 00007FF7DD3E7DFF
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E7E2C

Strings

heap_profiler_predicate, xrefs: 00007FF7DD3E7EAF, 00007FF7DD3E7ED7
event_whitelist_predicate, xrefs: 00007FF7DD3E7E56, 00007FF7DD3E7E8E
event_name_whitelist, xrefs: 00007FF7DD3E8024

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: event_name_whitelist$event_whitelist_predicate$heap_profiler_predicate
API String ID: 4092853384-959554088
Opcode ID: 1fdab2d97ebdd9d7cd018f8b9ef06e973134cb72403adba7e8729215ca54f313
Instruction ID: ecab42973558370bcc6f5f8f21f1da197a2141d1f77a2e229575eb20ea6460a4
Opcode Fuzzy Hash: 1fdab2d97ebdd9d7cd018f8b9ef06e973134cb72403adba7e8729215ca54f313
Instruction Fuzzy Hash: 9AB13922A0DA4685EA40EB15E45077DF3A1EB84B90FD05636EE5E477E1EF7CE845C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E85A0, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 93libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF7DD3E8658
GetProcAddress.KERNEL32 ref: 00007FF7DD3E866E
FreeLibrary.KERNEL32 ref: 00007FF7DD3E8693
GetModuleHandleExW.KERNEL32 ref: 00007FF7DD3E86DF

Strings

EventSetInformation, xrefs: 00007FF7DD3E8667
Google.Chrome, xrefs: 00007FF7DD3E85AA
advapi32.dll, xrefs: 00007FF7DD3E86CF
api-ms-win-eventing-provider-l1-1-0.dll, xrefs: 00007FF7DD3E864D

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID: EventSetInformation$Google.Chrome$advapi32.dll$api-ms-win-eventing-provider-l1-1-0.dll
API String ID: 3947729631-1037291142
Opcode ID: e0118fe434a9e0d62070b9cdb7bf355e07768046950d393a9f2f0cfe58c6398e
Instruction ID: 5588de113f1cfce091231532d0d230535adf0fe6db23cd746f8f60aea66158a9
Opcode Fuzzy Hash: e0118fe434a9e0d62070b9cdb7bf355e07768046950d393a9f2f0cfe58c6398e
Instruction Fuzzy Hash: B0316271A0C65682E720AB12E94067EE3A5FB9CB94FC44137DE5F47790EE3CE5058310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E5EC0, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 180threadCOMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E5F6A
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E5F9A
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E6137

Strings

../../base/task/sequence_manager/task_queue_impl.cc, xrefs: 00007FF7DD3E5F29
SequenceManagerImpl::UnregisterTaskQueue, xrefs: 00007FF7DD3E5EC6
UnregisterTaskQueue, xrefs: 00007FF7DD3E5F22
TaskQueueImpl::UnregisterTaskQueue, xrefs: 00007FF7DD3E6177

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread
String ID: ../../base/task/sequence_manager/task_queue_impl.cc$SequenceManagerImpl::UnregisterTaskQueue$TaskQueueImpl::UnregisterTaskQueue$UnregisterTaskQueue
API String ID: 135963836-340724832
Opcode ID: d75d3a1234f69bde1e2c14f2a8c856ef7bc6c21922fe9001a17d7c986dc218c4
Instruction ID: 9fd7a2682408c909f76d3385bc74e4502bf977ae63512ff5e690bfbcaac62f42
Opcode Fuzzy Hash: d75d3a1234f69bde1e2c14f2a8c856ef7bc6c21922fe9001a17d7c986dc218c4
Instruction Fuzzy Hash: 6F81A421A0C795D2EA15AB21D5103BEE350BF49794FC4463ADE5E07AC6EF3CE466C321

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EC0D0, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 179threadCOMMON

Download Yara Rule

APIs

GetQueuedCompletionStatus.KERNEL32 ref: 00007FF7DD3EC162
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3EC1C3
GetLastError.KERNEL32 ref: 00007FF7DD3EC2DD

Strings

base,toplevel, xrefs: 00007FF7DD3EC2F4
IOHandler::OnIOCompleted, xrefs: 00007FF7DD3EC236
dest_file, xrefs: 00007FF7DD3EC1ED
dest_func, xrefs: 00007FF7DD3EC1F9

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CompletionCurrentErrorLastQueuedStatusThread
String ID: IOHandler::OnIOCompleted$base,toplevel$dest_file$dest_func
API String ID: 2913705192-2347511066
Opcode ID: 94c4ecb398058d672ab9533c5a3ffe43c33d4baea49b29a87f2af53b8a2b6cfc
Instruction ID: a312adf5157ba208383e115d4d284369a5ed607a3b7fd093c1cbcccef52fddc2
Opcode Fuzzy Hash: 94c4ecb398058d672ab9533c5a3ffe43c33d4baea49b29a87f2af53b8a2b6cfc
Instruction Fuzzy Hash: 7681513290CB8586EA51AB59E84036EE7A0FB89790FD4423AEA8D43B95EF7CD045C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E32A0, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E348D

Strings

task_queue_name, xrefs: 00007FF7DD3E34D3
SequenceManager PostTask, xrefs: 00007FF7DD3E32AD

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: SequenceManager PostTask$task_queue_name
API String ID: 2882836952-41416774
Opcode ID: a1c9b27b2347c1c029bb57e9d484921d2305d747d545dfe1afb63170077cbbb0
Instruction ID: 61b1f230d6a0d02c771c676259236eac0facdf250542bbcd634047eb5772834c
Opcode Fuzzy Hash: a1c9b27b2347c1c029bb57e9d484921d2305d747d545dfe1afb63170077cbbb0
Instruction Fuzzy Hash: A1816832A0CA4685EA14EB15E5447BDE7A0EB98794FC4523ADE4E436E1EF3CE085C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD401A00, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 158fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DD3F3FD0: FindNextFileW.KERNEL32 ref: 00007FF7DD3F40A1
Part of subcall function 00007FF7DD3F3FD0: GetLastError.KERNEL32 ref: 00007FF7DD3F40B0

DeleteFileW.KERNEL32 ref: 00007FF7DD401AFD
GetLastError.KERNEL32 ref: 00007FF7DD401B0B
RemoveDirectoryW.KERNEL32 ref: 00007FF7DD401C03
GetLastError.KERNEL32 ref: 00007FF7DD401C16
SetFileAttributesW.KERNEL32 ref: 00007FF7DD401C5A

Strings

DeleteFile.NonRecursive, xrefs: 00007FF7DD401A06
../../base/files/file_util_win.cc, xrefs: 00007FF7DD401A0A

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorFileLast$AttributesDeleteDirectoryFindNextRemove
String ID: ../../base/files/file_util_win.cc$DeleteFile.NonRecursive
API String ID: 909257171-3789821954
Opcode ID: 7522e174797cdc490e7afdee7f19c2f7bd46a91f1cbb3e52ec37dcadaca8c308
Instruction ID: 93448c9eb76d2080a3406708d3ff4f0388088cac711755ab4dc62a38f9425213
Opcode Fuzzy Hash: 7522e174797cdc490e7afdee7f19c2f7bd46a91f1cbb3e52ec37dcadaca8c308
Instruction Fuzzy Hash: 7151A32171C64641FA61BB61A8417BFE7A0AF85BC4FC40132EE4E976D9FE3CE4458B60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD46CC80, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 123threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD46CCEA
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD46CDB4

Strings

task_posted_to_disabled_queue, xrefs: 00007FF7DD46CD5E, 00007FF7DD46CE26
location, xrefs: 00007FF7DD46CDE5
task_queue_name, xrefs: 00007FF7DD46CD17
ipc_hash, xrefs: 00007FF7DD46CDD9
time_since_disabled_ms, xrefs: 00007FF7DD46CD23

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: ipc_hash$location$task_posted_to_disabled_queue$task_queue_name$time_since_disabled_ms
API String ID: 2882836952-2004826100
Opcode ID: c3c7bf5c540ce4937e0a2cc64c50e52e6b5c63adabb9a6f0f9364cd4e3f8b309
Instruction ID: 435b8daeb8cebde8437acff5e8591c78c51c5c2c982525715d4baf56606f0385
Opcode Fuzzy Hash: c3c7bf5c540ce4937e0a2cc64c50e52e6b5c63adabb9a6f0f9364cd4e3f8b309
Instruction Fuzzy Hash: EA51AC3290CB8586E611EB11E9546AEBBA4FB89780FD44236EE8E03B55EF3CD045DB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD54FC1C, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF7DD54FB43,?,?,00000000,00007FF7DD53F7FE,?,?,?,00007FF7DD520CF9), ref: 00007FF7DD54FC9F
GetLastError.KERNEL32(?,00007FF7DD54FB43,?,?,00000000,00007FF7DD53F7FE,?,?,?,00007FF7DD520CF9), ref: 00007FF7DD54FCAD
LoadLibraryExW.KERNEL32(?,00007FF7DD54FB43,?,?,00000000,00007FF7DD53F7FE,?,?,?,00007FF7DD520CF9), ref: 00007FF7DD54FCD7
FreeLibrary.KERNEL32(?,00007FF7DD54FB43,?,?,00000000,00007FF7DD53F7FE,?,?,?,00007FF7DD520CF9), ref: 00007FF7DD54FD1D
GetProcAddress.KERNEL32(?,00007FF7DD54FB43,?,?,00000000,00007FF7DD53F7FE,?,?,?,00007FF7DD520CF9), ref: 00007FF7DD54FD29

Strings

MZx, xrefs: 00007FF7DD54FC3A, 00007FF7DD54FCE8, 00007FF7DD54FD06
api-ms-, xrefs: 00007FF7DD54FCBF

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: MZx$api-ms-
API String ID: 2559590344-259127448
Opcode ID: e1a67f764d0701f993f61e262d9f36da8f7bf638ab31bd634c889dd8f09048ca
Instruction ID: a2d789ab33f4573332f13c3b9a04d799e6ccbd20800603347923a59d589a3250
Opcode Fuzzy Hash: e1a67f764d0701f993f61e262d9f36da8f7bf638ab31bd634c889dd8f09048ca
Instruction Fuzzy Hash: 4031C625A0EA4AD5EE11AB06A80453DA394BF48B64FD90537DD2E4B3D4FF3CE0498321

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD407685, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 192threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD407703
GetLocalTime.KERNEL32 ref: 00007FF7DD407747

Part of subcall function 00007FF7DD407B40: GetCurrentProcessId.KERNEL32 ref: 00007FF7DD407B48

Strings

UNKNOWN, xrefs: 00007FF7DD4079DC
)] , xrefs: 00007FF7DD4078C8
VERBOSE, xrefs: 00007FF7DD4079B4

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Current$LocalProcessThreadTime
String ID: )] $UNKNOWN$VERBOSE
API String ID: 2750998906-3915483136
Opcode ID: 11d6c94e224e7b21c45e2123f0f18d9b7bef27b962f19636fa3c24e13e2e926b
Instruction ID: 5ec4549d011a41ad6036fa9cf740236d790a39225114e696572e23dac41a8c56
Opcode Fuzzy Hash: 11d6c94e224e7b21c45e2123f0f18d9b7bef27b962f19636fa3c24e13e2e926b
Instruction Fuzzy Hash: A2919D22A0C68280FA15FB15D4503BDA7A5AB85BC4FC48037DE8E17796EF7DE241D361

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FB850, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 98fileCOMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNEL32 ref: 00007FF7DD3FB8F8
MapViewOfFile.KERNEL32 ref: 00007FF7DD3FB932
GetLastError.KERNEL32 ref: 00007FF7DD3FB98C
SetLastError.KERNEL32 ref: 00007FF7DD3FB9CE

Strings

../../base/files/memory_mapped_file_win.cc, xrefs: 00007FF7DD3FB897
MapImageToMemory, xrefs: 00007FF7DD3FB890

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorFileLast$CreateMappingView
String ID: ../../base/files/memory_mapped_file_win.cc$MapImageToMemory
API String ID: 2231327692-1841746395
Opcode ID: 0eda81ad39c8d4df9ca2dcea9eab0a28213938ac93487b1e2a48b8264356e502
Instruction ID: f3939bc2614eaf047e2f497c73c7cb091838b4e0981a1a963cbea964f1de6f02
Opcode Fuzzy Hash: 0eda81ad39c8d4df9ca2dcea9eab0a28213938ac93487b1e2a48b8264356e502
Instruction Fuzzy Hash: C1415E61A1CA4A81FA11AB29E459BEEE3A5FF84794FC84036DE8E07751FE3CE0458750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD4220E0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79synchronizationthreadCOMMON

Download Yara Rule

APIs

GetThreadId.KERNEL32 ref: 00007FF7DD42210C
GetLastError.KERNEL32 ref: 00007FF7DD422222

Part of subcall function 00007FF7DD422240: GetThreadId.KERNEL32 ref: 00007FF7DD42225E

WaitForSingleObject.KERNEL32 ref: 00007FF7DD4221D0
CloseHandle.KERNEL32 ref: 00007FF7DD4221E2

Strings

Join, xrefs: 00007FF7DD422199
../../base/threading/platform_thread_win.cc, xrefs: 00007FF7DD4221A0

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Thread$CloseErrorHandleLastObjectSingleWait
String ID: ../../base/threading/platform_thread_win.cc$Join
API String ID: 3108261205-821740204
Opcode ID: 7c39c805498682cb1504f7e2a45ff05aada03280f8321ddb953a005adcdd047d
Instruction ID: b54473c4f1bfcb1182429cd19f45b8b95b968a6ad65bb8b0642e1bfce5c3b12b
Opcode Fuzzy Hash: 7c39c805498682cb1504f7e2a45ff05aada03280f8321ddb953a005adcdd047d
Instruction Fuzzy Hash: 48314F21A1CAD591E621AB24E4417FEE3B5EF94794FC40132DA8E03665FF3DD546CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD5514BC, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF7DD5514ED
GetLastError.KERNEL32 ref: 00007FF7DD5514F9
CloseHandle.KERNEL32 ref: 00007FF7DD551511
CreateFileW.KERNEL32 ref: 00007FF7DD55153C
WriteConsoleW.KERNEL32 ref: 00007FF7DD55155B

Strings

CONOUT$, xrefs: 00007FF7DD55151D

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: fc28143af0c14e0b7095b76b25fe1e775dbfad104472ddec1544366983cce9f4
Instruction ID: 7046b33bec4030065c88bc7f3cf6ab6385e87949014c1705afd0bc2b7f09a4a6
Opcode Fuzzy Hash: fc28143af0c14e0b7095b76b25fe1e775dbfad104472ddec1544366983cce9f4
Instruction Fuzzy Hash: 0D11AF31A1CB5582E750AB46A844B2DA6A1FB88BE4FC44235EE1F83794EF7CD4448760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F12E0, Relevance: 9.1, APIs: 6, Instructions: 67COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3F1349
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3F1388
_Init_thread_header.LIBCMT ref: 00007FF7DD3F13AC
_Init_thread_footer.LIBCMT ref: 00007FF7DD3F13DD
_Init_thread_header.LIBCMT ref: 00007FF7DD3F13EE

Part of subcall function 00007FF7DD51EFE0: EnterCriticalSection.KERNEL32(?,?,00000062,00007FF7DD3EC6D0), ref: 00007FF7DD51EFF0

_Init_thread_footer.LIBCMT ref: 00007FF7DD3F1413

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveInit_thread_footerInit_thread_headerLock$AcquireCriticalEnterReleaseSection
String ID:
API String ID: 2670297682-0
Opcode ID: 03f6603a5ec0b0de8b858e81bb151abb40c9544c142d4eac731bc62c1fda8bdc
Instruction ID: f3783842829a06aa787e2db15f0ff9ac781271d35c9a862eb5b35a545f575c84
Opcode Fuzzy Hash: 03f6603a5ec0b0de8b858e81bb151abb40c9544c142d4eac731bc62c1fda8bdc
Instruction Fuzzy Hash: 7331292191CA6A81EA00FB61F9805BEA324BF90751FC15237DD0E566A0AF2CF48AD720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EDDE0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 177timeCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32 ref: 00007FF7DD3EDE57
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,00007FF7DD3EDDC3), ref: 00007FF7DD3EDF17
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7DD3EDF67

Strings

gfffffff, xrefs: 00007FF7DD3EDF1D
gfffffff, xrefs: 00007FF7DD3EDF6D

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Time$FileSystem$CounterPerformanceQuery
String ID: gfffffff$gfffffff
API String ID: 3444630516-161084747
Opcode ID: 79cf0b217f42fe8f336ea9a0ee9c2e51dd2828aed7d81c4e648f98708e072c1e
Instruction ID: 23109a0e46a81a838ef96477e6d8722558419f0658e262e6c97ccbebe5087182
Opcode Fuzzy Hash: 79cf0b217f42fe8f336ea9a0ee9c2e51dd2828aed7d81c4e648f98708e072c1e
Instruction Fuzzy Hash: C5517371B1D74A81EA54DB16F94466DE3A1AB88BE0FC85236DD5F477E4EE3CE0418310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F3FD0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 141fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 00007FF7DD3F40A1
GetLastError.KERNEL32 ref: 00007FF7DD3F40B0
FindClose.KERNEL32 ref: 00007FF7DD3F4364

Strings

../../base/files/file_enumerator_win.cc, xrefs: 00007FF7DD3F402D
Next, xrefs: 00007FF7DD3F4026

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Find$CloseErrorFileLastNext
String ID: ../../base/files/file_enumerator_win.cc$Next
API String ID: 256431386-3065876524
Opcode ID: 6c94d30595090d69d55d9d978bbfdc9b259fd964c076f431eb46c2e63c9d7221
Instruction ID: 00a2aa4a64a97fc79ae58985f54ae7456f14a36d2657a1f299435de2e5303f0d
Opcode Fuzzy Hash: 6c94d30595090d69d55d9d978bbfdc9b259fd964c076f431eb46c2e63c9d7221
Instruction Fuzzy Hash: 3E61C12260CACAD1EA55AB25E9413FDE3A4FB84794FC44136EE9D037A0EF38E065C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D7800, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 104threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3D785B
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3D786B
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3D78A4
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3D78D1

Part of subcall function 00007FF7DD3D8490: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7DD3FA101), ref: 00007FF7DD3D84DB

Strings

value, xrefs: 00007FF7DD3D790E

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentThread$Release
String ID: value
API String ID: 1598680105-494360628
Opcode ID: 2417bcbf7a1bc754ab3c446a7e7dec182eb7e564232dd02acbcb711c889b0ce2
Instruction ID: c4f040ba57ecdc6a7ed4e315244a35857c2db9d9becee96515a435754e591892
Opcode Fuzzy Hash: 2417bcbf7a1bc754ab3c446a7e7dec182eb7e564232dd02acbcb711c889b0ce2
Instruction Fuzzy Hash: 7141C172A0C78582E620AF25E4503ADE7A0FB44B94FD8413ADE9E03755EF3CE046C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F6060, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 00007FF7DD3F6132
GetLastError.KERNEL32 ref: 00007FF7DD3F617F

Strings

Read, xrefs: 00007FF7DD3F60B5
File::Read, xrefs: 00007FF7DD3F619C
../../base/files/file_win.cc, xrefs: 00007FF7DD3F60BC

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorFileLastRead
String ID: ../../base/files/file_win.cc$File::Read$Read
API String ID: 1948546556-1732825555
Opcode ID: 11898f5d5f847d5d0af1da8a1865a1e20e011a38fa82882fd39c724473d8ac58
Instruction ID: 18bd362679febcede6ae135c0033071540a800b1bc933c8a4c452d42243cf29d
Opcode Fuzzy Hash: 11898f5d5f847d5d0af1da8a1865a1e20e011a38fa82882fd39c724473d8ac58
Instruction Fuzzy Hash: 9F31F321A1C99A91FA22AB24E8016FEE364BF94794FC45232ED4D03691FE3DE156C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD52E8DC, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF7DD52E8F8
GetProcAddress.KERNEL32 ref: 00007FF7DD52E90E
FreeLibrary.KERNEL32 ref: 00007FF7DD52E92B

Strings

CorExitProcess, xrefs: 00007FF7DD52E907
mscoree.dll, xrefs: 00007FF7DD52E8EF

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 1eadfbb0434d2b97c0f5433e4f4e5936b3a879e0e935204f2af32b34addea9b3
Instruction ID: 6185e803031968a19fe7ad0e83d88cf7c5f4f89b5c038ed3fdb2e49947b1353e
Opcode Fuzzy Hash: 1eadfbb0434d2b97c0f5433e4f4e5936b3a879e0e935204f2af32b34addea9b3
Instruction Fuzzy Hash: A0F03A61A1D64A81EF54ABA1E88477DA761AF48780FC41437DD4F86264EE3CE4A88730

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD5366EC, Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DD53672E
GetConsoleMode.KERNEL32(?,?,?,?,?,00000000,?,?,00000000,00000000,?,00007FF7DD520A73,?,?,?,00000000), ref: 00007FF7DD5367EC
GetLastError.KERNEL32(?,?,?,?,?,00000000,?,?,00000000,00000000,?,00007FF7DD520A73,?,?,?,00000000), ref: 00007FF7DD536876

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
String ID:
API String ID: 2210144848-0
Opcode ID: 65279237fb41dd2b1aee5c90d38c38541353cac6e46d496fe6443cc427d3fe14
Instruction ID: 5516163963517517214174f0ae77c6e4bdfb279c3fc470790f078dcf7189dcab
Opcode Fuzzy Hash: 65279237fb41dd2b1aee5c90d38c38541353cac6e46d496fe6443cc427d3fe14
Instruction Fuzzy Hash: 06819F22E1C65A89FB10BB6588406BCA7A1BB44B94FD4413BDE0F53795EFBCA445C730

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DA9F0, Relevance: 7.7, APIs: 5, Instructions: 168threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DD3DACD0: TlsGetValue.KERNEL32 ref: 00007FF7DD3DACDE

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DAA46
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7DD3DAAEC
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3DAB6D
_Init_thread_header.LIBCMT ref: 00007FF7DD3DAB86
_Init_thread_footer.LIBCMT ref: 00007FF7DD3DABC4

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentInit_thread_footerInit_thread_headerReleaseThreadValue
String ID:
API String ID: 2678241846-0
Opcode ID: 89e28c46ee5b503affafed3ecd5ca134642797ab5197a4643c29030bce478a8a
Instruction ID: cde56fbc3fdee27d26b293ca7978562594c332370e55622bc50cd1bd32a4f774
Opcode Fuzzy Hash: 89e28c46ee5b503affafed3ecd5ca134642797ab5197a4643c29030bce478a8a
Instruction Fuzzy Hash: EF717331A0C68681EA60BB11A5607BDF7A0BB94790FC8453BED8E47795FE7CE445C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD54DF78, Relevance: 7.7, APIs: 5, Instructions: 158COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF7DD54DFB4
_set_statfp.LIBCMT ref: 00007FF7DD54DFD2
_set_statfp.LIBCMT ref: 00007FF7DD54DFFB
_set_statfp.LIBCMT ref: 00007FF7DD54E1B4

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: ec3b13551c6f3d19fb49d4df8628d49405be95c3028fa6d34d767c1376234e46
Instruction ID: 06805591c68d5febe0da339bc43e7fb3a7a0e1e2779db168a27ef995cd150c77
Opcode Fuzzy Hash: ec3b13551c6f3d19fb49d4df8628d49405be95c3028fa6d34d767c1376234e46
Instruction Fuzzy Hash: 6151B422D0C94E85F626BE74A85837EE260BF41350FE48637ED6F165D0FF3CA4918621

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DD2C0, Relevance: 7.6, APIs: 5, Instructions: 86COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF7DD3DD2F8
TlsSetValue.KERNEL32 ref: 00007FF7DD3DD324
TlsSetValue.KERNEL32 ref: 00007FF7DD3DD352
TlsFree.KERNEL32 ref: 00007FF7DD3DD3A2

Part of subcall function 00007FF7DD3DD510: TlsAlloc.KERNEL32(?,?,?,00007FF7DD3FA252,?,?,?,?,00007FF7DD3F9F35,?,?,?,00007FF7DD3DADCE), ref: 00007FF7DD3DD518

TlsFree.KERNEL32 ref: 00007FF7DD3DD3D6

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Value$Free$Alloc
String ID:
API String ID: 4173863045-0
Opcode ID: 81a979a1713467d81661ee10fef108a781d4fd24695aea7be257c2071ad1b613
Instruction ID: 491195a2e06ac07438c5c8fa9e074e8acf67b0070c63b8df8d8c1061f027da1b
Opcode Fuzzy Hash: 81a979a1713467d81661ee10fef108a781d4fd24695aea7be257c2071ad1b613
Instruction Fuzzy Hash: 9A316331A0C1468AE664B725A4605BEF3519F84794FC4433AFA6E0B7D9FE3CE5468F20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F6420, Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

_Init_thread_footer.LIBCMT ref: 00007FF7DD3F6485

Part of subcall function 00007FF7DD51F4D8: EnterCriticalSection.KERNEL32(?,?,?,00007FF7DD3DADDA,?,?,?,?,00007FF7DD3DAA5C), ref: 00007FF7DD51F4E8
Part of subcall function 00007FF7DD51F4D8: LeaveCriticalSection.KERNEL32(?,?,?,00007FF7DD3DADDA,?,?,?,?,00007FF7DD3DAA5C), ref: 00007FF7DD51F528

_Init_thread_header.LIBCMT ref: 00007FF7DD3F6454

Part of subcall function 00007FF7DD51EFE0: EnterCriticalSection.KERNEL32(?,?,00000062,00007FF7DD3EC6D0), ref: 00007FF7DD51EFF0

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF7DD3F6412,?,?,?,?,00007FF7DD3F639D,?,?,?,00007FF7DD3F6381), ref: 00007FF7DD3F6494
_Init_thread_header.LIBCMT ref: 00007FF7DD3F6525
_Init_thread_footer.LIBCMT ref: 00007FF7DD3F6556

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CriticalSection$EnterInit_thread_footerInit_thread_header$AcquireExclusiveLeaveLock
String ID:
API String ID: 2014417079-0
Opcode ID: a4375109c5dbaa7e32e46627ba756a9678749bf8f571276bda5037521c738e36
Instruction ID: 32af79d1f7855693e2970d8aaecc60abdc3733cc53cf32c61b86b56f4dfcc52d
Opcode Fuzzy Hash: a4375109c5dbaa7e32e46627ba756a9678749bf8f571276bda5037521c738e36
Instruction Fuzzy Hash: 6E415921A0CA5B81EA10FB21EA506BDE360AF94750FC0513BDD6F462A6FE3CB4958720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EB900, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 160synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF7DD3EBA34

Part of subcall function 00007FF7DD3DA5F0: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DD3DA628

WaitForSingleObject.KERNEL32 ref: 00007FF7DD3EBB5C

Strings

../../base/synchronization/waitable_event_win.cc, xrefs: 00007FF7DD3EBADE
TimedWait, xrefs: 00007FF7DD3EBAD7

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ObjectSingleWait$CounterPerformanceQuery
String ID: ../../base/synchronization/waitable_event_win.cc$TimedWait
API String ID: 2161673850-3163266676
Opcode ID: 9915d8dc1ebe59b2d2c8320b3d3f5773368ae601eab0ab67039430de386d0d2b
Instruction ID: 5d435835fab0dc3195b6517d6951516f3137157ec6e8c2266632a1b779bcf95b
Opcode Fuzzy Hash: 9915d8dc1ebe59b2d2c8320b3d3f5773368ae601eab0ab67039430de386d0d2b
Instruction Fuzzy Hash: AF51E921A1D6C681FE62A715E4153BEE391AF887A0FC8023ADA5E477D5FE6CE0858710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DFA30, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 152COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,00000000,00000000,00007FF7DD3DFEB9), ref: 00007FF7DD3DFA55
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00000000,00000000,00007FF7DD3DFEB9), ref: 00007FF7DD3DFB6B

Part of subcall function 00007FF7DD3DA5F0: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DD3DA628

Strings

@KL, xrefs: 00007FF7DD3DFBA4
@KL, xrefs: 00007FF7DD3DFBAB

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireCounterPerformanceQueryRelease
String ID: @KL$@KL
API String ID: 465813119-316066620
Opcode ID: 13936e8a3ce455dbf03b2c87fb57a7f1cb2d0559a520335e2e077c93c69f169b
Instruction ID: c34c32fe436212798e849eeb65379f03dc987932a6fd0f17ad6140554cd39c7f
Opcode Fuzzy Hash: 13936e8a3ce455dbf03b2c87fb57a7f1cb2d0559a520335e2e077c93c69f169b
Instruction Fuzzy Hash: 62615D72609B85C2DB64DB21E5A036DE3A1FB48B94F88413ACB9E43794FF78E455C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D8850, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 94COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3D898D
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3D89AD

Part of subcall function 00007FF7DD3D8490: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7DD3FA101), ref: 00007FF7DD3D84DB

Strings

PushOntoDelayedIncomingQueue, xrefs: 00007FF7DD3D88A0
../../base/task/sequence_manager/task_queue_impl.cc, xrefs: 00007FF7DD3D88A7

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: ../../base/task/sequence_manager/task_queue_impl.cc$PushOntoDelayedIncomingQueue
API String ID: 1678258262-2913814977
Opcode ID: bdda476e0404b31b259fd8b65acfcaadf64e144980ecbb5e8397cb699965c973
Instruction ID: 1a2b4ff6ce91cc85cc7ec84c2bd655819e2b8af5ed3ab8a89b47ee260c9528d6
Opcode Fuzzy Hash: bdda476e0404b31b259fd8b65acfcaadf64e144980ecbb5e8397cb699965c973
Instruction Fuzzy Hash: 9B41616260C68681EA11BB12E8147ADE764FB45B84FD84037DE8E07795EF3CE146C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E9110, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E91B3
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E91C3
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E922F

Part of subcall function 00007FF7DD3D8490: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7DD3FA101), ref: 00007FF7DD3D84DB

Strings

ThreadLocalEventBuffer, xrefs: 00007FF7DD3E9194

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$Acquire$CurrentReleaseThread
String ID: ThreadLocalEventBuffer
API String ID: 1385397084-137470936
Opcode ID: 8b7b71924257a5fe51d5bda308dfbe3cea59bc314a761701ca7af9eee02148d8
Instruction ID: 70ad1113ca785b668f55e62ff6dc15651a3892e25bb2f4dbcc9bb338fa4766de
Opcode Fuzzy Hash: 8b7b71924257a5fe51d5bda308dfbe3cea59bc314a761701ca7af9eee02148d8
Instruction Fuzzy Hash: E1417F72A0CA4AC1EE01AF15D4101AEF364EB89B94FD44237EE5E073A5EE3CD546C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD40D200, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 82COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 00007FF7DD40D276
GetLastError.KERNEL32 ref: 00007FF7DD40D304

Strings

Failed to create a message-only window, xrefs: 00007FF7DD40D332
../../base/win/message_window.cc, xrefs: 00007FF7DD40D30D

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CreateErrorLastWindow
String ID: ../../base/win/message_window.cc$Failed to create a message-only window
API String ID: 3732789607-3362469768
Opcode ID: b890d7b8cec323f2234219611bb3180ccccc8334c44990f012f6b03ae361ebf6
Instruction ID: 67223c519be37fac3529c7b87b149feb69287888e5fc67e9d048c39ea6caecbb
Opcode Fuzzy Hash: b890d7b8cec323f2234219611bb3180ccccc8334c44990f012f6b03ae361ebf6
Instruction Fuzzy Hash: 5931CD21A0C65281EA50BB55A4007BEE754AF44790FC4013BEE4E57BD6FF3CE0468720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F4D10, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 79fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF7DD3F4DDC

Strings

File::Write, xrefs: 00007FF7DD3F4E2C
../../base/files/file_win.cc, xrefs: 00007FF7DD3F4D6D
Write, xrefs: 00007FF7DD3F4D66

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: FileWrite
String ID: ../../base/files/file_win.cc$File::Write$Write
API String ID: 3934441357-2974260537
Opcode ID: fce22c99f1ea612b7497d03df72e4fa68bd41e42bd70f5e0d4701435169d6a2a
Instruction ID: 906d6cc5b9efbe91ea69acc0ef1a347782544ecde3ab28227d52fa4fcf6603f3
Opcode Fuzzy Hash: fce22c99f1ea612b7497d03df72e4fa68bd41e42bd70f5e0d4701435169d6a2a
Instruction Fuzzy Hash: D731C32161C98591FA21AB29F4017EAE365BF94795FC41122FE8D03651FE3DE146C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FAA30, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 74threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3FAA9E

Strings

function_name, xrefs: 00007FF7DD3FAADE
ScopedAllowBaseSyncPrimitivesOutsideBlockingScope, xrefs: 00007FF7DD3FAB16
file_name, xrefs: 00007FF7DD3FAAD3

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: ScopedAllowBaseSyncPrimitivesOutsideBlockingScope$file_name$function_name
API String ID: 2882836952-147081419
Opcode ID: c98d2279651bf02b1329522ed77f9f5ccdfcafcbc9435787b3a2eca9410332ad
Instruction ID: 6dbf5d303a151b947fb0bdca73f58799730cc95303c93f0e4b108cebc2e7388a
Opcode Fuzzy Hash: c98d2279651bf02b1329522ed77f9f5ccdfcafcbc9435787b3a2eca9410332ad
Instruction Fuzzy Hash: EE31903291CBC988EB219F20E9013AEE7A4FB85784FC48236E98D03B55EF7CD1458750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FB6E0, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 62COMMON

Download Yara Rule

APIs

GetFileSizeEx.KERNEL32 ref: 00007FF7DD3FB783

Strings

GetLength, xrefs: 00007FF7DD3FB726
File::GetLength, xrefs: 00007FF7DD3FB7CE
../../base/files/file_win.cc, xrefs: 00007FF7DD3FB72D

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: FileSize
String ID: ../../base/files/file_win.cc$File::GetLength$GetLength
API String ID: 3433856609-2366038222
Opcode ID: 778c642db64af9a8d8b25f25dccabdb71c32e250c2b6be122f30ce34591ba7cc
Instruction ID: a1f9aadde6d44d46d2ca1d4448063d988c46339517c04a1b34e81fc4aa30ce30
Opcode Fuzzy Hash: 778c642db64af9a8d8b25f25dccabdb71c32e250c2b6be122f30ce34591ba7cc
Instruction Fuzzy Hash: 9121C531A1C99A91FA216F28F5017FEE3A1EF94784FC41132EE8D03A55EE3DE1468310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D7C50, Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3D7DDD
_Init_thread_footer.LIBCMT ref: 00007FF7DD3D7E0F
_Init_thread_header.LIBCMT ref: 00007FF7DD3D7E20
_Init_thread_footer.LIBCMT ref: 00007FF7DD3D7E52

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID:
API String ID: 4092853384-0
Opcode ID: 0db006559a960d5d9b18b5292bb4203ffc8ca437987e284661d15e31be0c3f6d
Instruction ID: 2f0f2738dc958f340da1e02ab2bc5782ab3ef5d316571ce8f595f47eec625d5b
Opcode Fuzzy Hash: 0db006559a960d5d9b18b5292bb4203ffc8ca437987e284661d15e31be0c3f6d
Instruction Fuzzy Hash: 37613561A0D907C5EA50EB24D96067CE760AF44B64FD80237DA1F472E5EE3CE846CB30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EA030, Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3EA070
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3EA0E3
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3EA163
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3EA1E1

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: aa40037ce87b3de73b3177096a5e6fd3f0baca88cddbdff00279849dc54d2988
Instruction ID: 93407f7ca59cff274befd8de9ccbeb242f1f9eadb2798d57af3ef8295b07fffc
Opcode Fuzzy Hash: aa40037ce87b3de73b3177096a5e6fd3f0baca88cddbdff00279849dc54d2988
Instruction Fuzzy Hash: 59515E75A0CB5582EA24AF16D45036DA3A0FB48B94FC84136DE4E47B91EF3CE4A1C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD404720, Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(00000000,-5555555555555556,?,-5555555555555556,00000000,00007FF7DD404613), ref: 00007FF7DD40476A
ReleaseSRWLockExclusive.KERNEL32(?,-5555555555555556,00000000,00007FF7DD404613), ref: 00007FF7DD404853
_Init_thread_header.LIBCMT ref: 00007FF7DD40487A
_Init_thread_footer.LIBCMT ref: 00007FF7DD4048AF

Part of subcall function 00007FF7DD3D8490: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7DD3FA101), ref: 00007FF7DD3D84DB

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Init_thread_footerInit_thread_headerRelease
String ID:
API String ID: 1863739313-0
Opcode ID: bde95ffd334a0b89789aa2542e461f3181b5290044bb76c1874214913ff6aa0f
Instruction ID: 062de100eebc07022e7882d16d310c30822115c1923c7a615cb732be6c84c8ac
Opcode Fuzzy Hash: bde95ffd334a0b89789aa2542e461f3181b5290044bb76c1874214913ff6aa0f
Instruction Fuzzy Hash: FF416C25B0C65B86FA10BB15EA90A3CA355AB44B91FC42237DD5F47BE0FE3CB4468320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD445EE0, Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7DD41A317,?,?,?,?,00007FF7DD3F4846,?,?,?), ref: 00007FF7DD445F6B
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7DD41A317,?,?,?,?,00007FF7DD3F4846,?,?,?), ref: 00007FF7DD445F80
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7DD41A317,?,?,?,?,00007FF7DD3F4846,?,?,?), ref: 00007FF7DD445F96
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7DD41A317,?,?,?,?,00007FF7DD3F4846,?,?,?), ref: 00007FF7DD445FC8

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: 1a3a362a520b52ed36c88ada53ae4a7f1068db3e3c1f9243f34db1e42555750a
Instruction ID: fb91a242c3e5e0ee5e71862338e4ae4e9235a8f9774e0c5fc57ff83ffa6d5c41
Opcode Fuzzy Hash: 1a3a362a520b52ed36c88ada53ae4a7f1068db3e3c1f9243f34db1e42555750a
Instruction Fuzzy Hash: 55319611B1D64682FD24BB16A6582BDE311AF55BD5FC84432CE4F07F91FE6CF4868221

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E37D0, Relevance: 6.1, APIs: 4, Instructions: 93threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E383D
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E3870
_Init_thread_header.LIBCMT ref: 00007FF7DD3E393E
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E3963

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread$Init_thread_footerInit_thread_header
String ID:
API String ID: 537530952-0
Opcode ID: dc265f1fde4a15e340b075b080b29d8acde41569421fe03da67bbe851065f3d8
Instruction ID: d21ebf8968ee4c7ffde2c23f1cd0052e0ea2519327975e194a313fdde8e05e38
Opcode Fuzzy Hash: dc265f1fde4a15e340b075b080b29d8acde41569421fe03da67bbe851065f3d8
Instruction Fuzzy Hash: 1B416232A0CA9585E660EB15E9407AEF3A0FB98794FD40136EE8D43795EF3CE049CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D72F0, Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3D737F
_Init_thread_footer.LIBCMT ref: 00007FF7DD3D73AD
_Init_thread_header.LIBCMT ref: 00007FF7DD3D73BE

Part of subcall function 00007FF7DD51EFE0: EnterCriticalSection.KERNEL32(?,?,00000062,00007FF7DD3EC6D0), ref: 00007FF7DD51EFF0

_Init_thread_footer.LIBCMT ref: 00007FF7DD3D73EC

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header$CriticalEnterSection
String ID:
API String ID: 371409586-0
Opcode ID: 2082039254bb9a5ee2679f0324c2cc3a43c87019daf23e8b3d1a1a37e954c82e
Instruction ID: 6370d262737a8b0dde1420d3f44c3acd4204638140e387e1e6651e5bf6ca6434
Opcode Fuzzy Hash: 2082039254bb9a5ee2679f0324c2cc3a43c87019daf23e8b3d1a1a37e954c82e
Instruction Fuzzy Hash: 63210C65A0C61B81FA50F714EA502BCE761AF90758FD85137CD0F476A5FF2CB8468A70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E35B0, Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E361C
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E3644
_Init_thread_header.LIBCMT ref: 00007FF7DD3E3664
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E3689

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireInit_thread_footerInit_thread_headerRelease
String ID:
API String ID: 2580794422-0
Opcode ID: c98659d3650768bb3f717d3fe593d1c97674f58424eb707cd5a52f8d4a8aff38
Instruction ID: 768e0eebf142cc7a179d15d498a50c735bb6773b2011f6efe38fb1b8c1b89378
Opcode Fuzzy Hash: c98659d3650768bb3f717d3fe593d1c97674f58424eb707cd5a52f8d4a8aff38
Instruction Fuzzy Hash: 27210721A1C65691E910FB11E99157CE360AF88791FD81237DD0F426E5EE2CB446C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD472F30, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

ThreadController::Suspended, xrefs: 00007FF7DD4731DF
ThreadController active, xrefs: 00007FF7DD473123

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID:
String ID: ThreadController active$ThreadController::Suspended
API String ID: 0-3364357523
Opcode ID: d0d42a21dbf5e337e4bdece8820f8159dd4f64d2d5d72e5251b312b2c1cd8fda
Instruction ID: e3b019701004afab5cf0aa95adee86a9f4507f2f7d271455dab8d58e91a2e28d
Opcode Fuzzy Hash: d0d42a21dbf5e337e4bdece8820f8159dd4f64d2d5d72e5251b312b2c1cd8fda
Instruction Fuzzy Hash: 7871C332B0D686D9EA10EB15E9542BDA7A0EB447A4FE84232DEAD07795EF3CE041C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E59E0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 171threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E5B6E

Strings

queue_name, xrefs: 00007FF7DD3E5BAD
SequenceManagerImpl::UnregisterTaskQueue, xrefs: 00007FF7DD3E5BE2

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: SequenceManagerImpl::UnregisterTaskQueue$queue_name
API String ID: 2882836952-1475601120
Opcode ID: 2328f81befbda8500b2a50aa1b6384afd9501e914d5ca7a468d3b83fd3047d6c
Instruction ID: 6807f8de048a21594b1874a907566231082a2149b003556a928df5bf169ee66a
Opcode Fuzzy Hash: 2328f81befbda8500b2a50aa1b6384afd9501e914d5ca7a468d3b83fd3047d6c
Instruction Fuzzy Hash: E5714B3660DB86C5EA51AF12E5507ADE7A0FB88B84FD4423ADE8D07795EF3CE0518320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD41A630, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 167threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD41A80D
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD41A86D

Strings

ThreadController active, xrefs: 00007FF7DD41A857, 00007FF7DD41A8B7

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: ThreadController active
API String ID: 2882836952-742296238
Opcode ID: 450db00d8bcbb95d445efaf0f53d461804ba097684c356ba6ba1e5828c21624e
Instruction ID: afdde367f0b237e733ddcee859624da4cf8ed2b71abae687adf5c14c97c17fd0
Opcode Fuzzy Hash: 450db00d8bcbb95d445efaf0f53d461804ba097684c356ba6ba1e5828c21624e
Instruction Fuzzy Hash: 67718132A0E64686EA20AF15D60536DF7A0AB447A4FE44336DE6D076C4EF7CE156C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD432AF0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DD520970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7DD543457,?,?,?,00007FF7DD525777,?,?,00000000,00007FF7DD532781), ref: 00007FF7DD520996

__std_exception_destroy.LIBVCRUNTIME ref: 00007FF7DD432CA9

Strings

[%s : %d] RAW: , xrefs: 00007FF7DD432B60
... (message truncated), xrefs: 00007FF7DD432BE6

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: FeaturePresentProcessor__std_exception_destroy
String ID: ... (message truncated)$[%s : %d] RAW:
API String ID: 2848415949-3262997248
Opcode ID: f725f8e3fc5cd2c420cb442bfa00d901a80ed95df4870b9fc28c71e181588a59
Instruction ID: aceb12681a65c2fd2de54ee40859b6d8b7406d4e81641a6f6b073349ba257ab2
Opcode Fuzzy Hash: f725f8e3fc5cd2c420cb442bfa00d901a80ed95df4870b9fc28c71e181588a59
Instruction Fuzzy Hash: 2C41BF32A0C65681EA10AF15E4416AEF7A4EB857D4FC44137EE8E47B99EF3CD50ACB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD45EF70, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 118threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD45F0D8

Strings

Chrome.MessageLoopProblem.SET_TIMER_ERROR, xrefs: 00007FF7DD45F118
Chrome.MessageLoopProblem, xrefs: 00007FF7DD45F099

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: Chrome.MessageLoopProblem$Chrome.MessageLoopProblem.SET_TIMER_ERROR
API String ID: 2882836952-12461729
Opcode ID: ec904d1f49e162ed39bbb3376408ea086aebca9a68021df37e8b5513a0aa45f0
Instruction ID: ccb096d5eeabcddc1ad61f7031226de2996a1b7eda6319534b7635a3ded874a1
Opcode Fuzzy Hash: ec904d1f49e162ed39bbb3376408ea086aebca9a68021df37e8b5513a0aa45f0
Instruction Fuzzy Hash: AA41A23261D68682EB20EB11A45037EE7D0EB88B94FD44236EE5E47BD4EF3CE4458710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DE300, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 108threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DE3E6

Strings

delay_ms, xrefs: 00007FF7DD3DE418
RealTimeDomain::DelayTillNextTask, xrefs: 00007FF7DD3DE44E, 00007FF7DD3DE4BE

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: RealTimeDomain::DelayTillNextTask$delay_ms
API String ID: 2882836952-1505973704
Opcode ID: db21514dcb7c273c95d10c016e0ebe5e65dad2a202e18345c54b8865ec7e2580
Instruction ID: af140336a5ce156c09c6169e1c72c82262004029b0ed02bb68cda078e06aba75
Opcode Fuzzy Hash: db21514dcb7c273c95d10c016e0ebe5e65dad2a202e18345c54b8865ec7e2580
Instruction Fuzzy Hash: 4B516D2190CBC584E721AB55A8503FEFBA0AF95354FC8523AEACD16A55EF7CE085CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD54C9CC, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 101COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DD54CA03

Part of subcall function 00007FF7DD549C38: GetCurrentDirectoryW.KERNEL32 ref: 00007FF7DD549C78

Strings

., xrefs: 00007FF7DD54CA67
:, xrefs: 00007FF7DD54CA55

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentDirectory_invalid_parameter_noinfo
String ID: .$:
API String ID: 2020911589-4202072812
Opcode ID: 9f0048fb88f38790caec72023486a0dd7e36fad56195f85e723383077f85054a
Instruction ID: 6148472399c1ca09da985603deb9861559148e6f4aa992c622ce6a4b5fe6d16a
Opcode Fuzzy Hash: 9f0048fb88f38790caec72023486a0dd7e36fad56195f85e723383077f85054a
Instruction Fuzzy Hash: 32418422F1D65689FB11FBB2DC851BC67B46F50788FD40036DE0E66A85FF3854418361

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD5370DC, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF7DD5371F3
GetLastError.KERNEL32 ref: 00007FF7DD537215

Strings

U, xrefs: 00007FF7DD53719F

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 0e37e4294c18898e7b18a061adb92dd4b92b9cb49623f781fba012d40c96dfa0
Instruction ID: 0a4eed2874d768fed555fe5afb591947432f18fefdeab06cbaef21ca5ae16736
Opcode Fuzzy Hash: 0e37e4294c18898e7b18a061adb92dd4b92b9cb49623f781fba012d40c96dfa0
Instruction Fuzzy Hash: 1941B422A1CA8A85DB10AF25E8447AEA761FB98794FC44032EE4E87794EF7CD401C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E6260, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 99synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF7DD3FA75D

Strings

Wait, xrefs: 00007FF7DD3FA7C5
../../base/synchronization/waitable_event_win.cc, xrefs: 00007FF7DD3FA7CC

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ObjectSingleWait
String ID: ../../base/synchronization/waitable_event_win.cc$Wait
API String ID: 24740636-241924016
Opcode ID: ada3c3a422cacc9e5a151dad91bbe4eb9b39bac101fe172bbf42d3fa73fa839e
Instruction ID: e0fb48ad78b1f8e4d074c1aefaa92e98d74ee28bc43b5ac42971de2ab2fec72e
Opcode Fuzzy Hash: ada3c3a422cacc9e5a151dad91bbe4eb9b39bac101fe172bbf42d3fa73fa839e
Instruction Fuzzy Hash: AF41E621A0C6C585FB31A729E4057FEE7A0AFD5354FD4823ADA8D02695FF3DE0868B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EF2C0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3EF3DF
_Init_thread_footer.LIBCMT ref: 00007FF7DD3EF42B

Strings

, xrefs: 00007FF7DD3EF312

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID:
API String ID: 4092853384-3916222277
Opcode ID: 19c5e2765cc32ad457ac704f82c798e7019ddbd1838a568fbac346a061fe4d76
Instruction ID: b8dead918ff23e1b97d32c3e27faf63fad6a72c1976db6bd4081cb1264a1b337
Opcode Fuzzy Hash: 19c5e2765cc32ad457ac704f82c798e7019ddbd1838a568fbac346a061fe4d76
Instruction Fuzzy Hash: 6E41903191CA96C1E611AB24E5403AEE7A4BF94754FC05336EE9E066E1FF7CF1868720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D9FF0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DA097
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DA0F7

Strings

ThreadController active, xrefs: 00007FF7DD3DA0E1, 00007FF7DD3DA143

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: ThreadController active
API String ID: 2882836952-742296238
Opcode ID: 8695b305775770f8811442e15836a1b8d4915cf2c3a39f3d736533248f777c57
Instruction ID: 5076d104b8224faace90d20f8591f67601f3074d9aed14193cba61e1e7cce83f
Opcode Fuzzy Hash: 8695b305775770f8811442e15836a1b8d4915cf2c3a39f3d736533248f777c57
Instruction Fuzzy Hash: 5F417F32A0C786C5E720AB15E66036EE7E0BB94788FD85136DE4E03694EF7DE4958B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F5915, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87COMMON

Download Yara Rule

APIs

ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3F598D

Strings

MonitorNextJankWindowIfNecessary, xrefs: 00007FF7DD3F59F2
../../base/threading/scoped_blocking_call_internal.cc, xrefs: 00007FF7DD3F59F9

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLockRelease
String ID: ../../base/threading/scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary
API String ID: 1766480654-4084575106
Opcode ID: bad721dbb4ee4a46a477eb9e5217d38a40cc4e3e977d42abcb08d184def1efc1
Instruction ID: 4ab4b524d9b3c8c694a5cc32bef1ca35e256cea02f63fe7b5ccca810bdfc1aed
Opcode Fuzzy Hash: bad721dbb4ee4a46a477eb9e5217d38a40cc4e3e977d42abcb08d184def1efc1
Instruction Fuzzy Hash: 5A418B21A1C79AC4EE12FB61E4453FEE7A5AB41B85FC9443BD94E06292FE3CA055C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD409370, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 82COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNEL32 ref: 00007FF7DD4093C3

Strings

, xrefs: 00007FF7DD4093CF
%, xrefs: 00007FF7DD409474

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: MemoryProcessRead
String ID: $%
API String ID: 1726664587-2111875603
Opcode ID: dbb3c1c1f57e70ace857a6434b83257c57bb9f8b752a0332744392229b10dcb0
Instruction ID: 3ac5ad1627830ad61188419bb2d788d4311f92e6660610769ab9a42b182e1128
Opcode Fuzzy Hash: dbb3c1c1f57e70ace857a6434b83257c57bb9f8b752a0332744392229b10dcb0
Instruction Fuzzy Hash: AA31D872D0C58541F7615716E58057EE3D1EF997A8FC91232EE8E22A94FE3CD4C18711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD41A8D0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD41A91D
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD41A995

Strings

ThreadController active, xrefs: 00007FF7DD41A967, 00007FF7DD41A9DF

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: ThreadController active
API String ID: 2882836952-742296238
Opcode ID: 576a85d7e9f4a649eaf64f22254d9741de793c31530949cf4742f0ecbea39742
Instruction ID: c18291de5de64d95505087c49fd315385bf4113bd10f9d754973fc471eb79224
Opcode Fuzzy Hash: 576a85d7e9f4a649eaf64f22254d9741de793c31530949cf4742f0ecbea39742
Instruction Fuzzy Hash: FD31C43291D78682E720AF24A5513AEF7E0BB84794FE85136DD8E43245EF3CE482C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD549C38, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF7DD549C78
GetCurrentDirectoryW.KERNEL32 ref: 00007FF7DD549CCA

Strings

:, xrefs: 00007FF7DD549C8E

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: 1d8220178fce886c10be383f0ab37de9ed3358f1df46149ae7990e76ed42da1d
Instruction ID: 04aa178ef575cbe44be817132fa02ece06f7fc592d03bb64c58fd05cbae96c9f
Opcode Fuzzy Hash: 1d8220178fce886c10be383f0ab37de9ed3358f1df46149ae7990e76ed42da1d
Instruction Fuzzy Hash: A021D532A0C68981EB20AB11D44926EA3A1FBC4B48FD5403ADE8E43684EF7CE545CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD409180, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32 ref: 00007FF7DD4091F6
WriteProcessMemory.KERNEL32 ref: 00007FF7DD40925B

Part of subcall function 00007FF7DD4092A0: VirtualProtectEx.KERNEL32 ref: 00007FF7DD4092E3
Part of subcall function 00007FF7DD4092A0: WriteProcessMemory.KERNEL32 ref: 00007FF7DD409311
Part of subcall function 00007FF7DD4092A0: VirtualProtectEx.KERNEL32 ref: 00007FF7DD409331

Strings

, xrefs: 00007FF7DD409205

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: MemoryProcessWrite$ProtectVirtual
String ID:
API String ID: 2340208871-3916222277
Opcode ID: ee50d6ac57fd964669a6819f0f1e1c7615a0b45844f3e2b479ec1ab6564eda81
Instruction ID: da7af18aad5ba114a5bd1aac0f4e69a34fc719562d9864a87c0f790bab4e47e3
Opcode Fuzzy Hash: ee50d6ac57fd964669a6819f0f1e1c7615a0b45844f3e2b479ec1ab6564eda81
Instruction Fuzzy Hash: 5821903260C74582FA60AB15A400BBEB3A0FB49B98FC84536DE8D67B54FF3CD5858750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EDC90, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3EDD32

Strings

Chrome.MessageLoopProblem.MESSAGE_POST_ERROR, xrefs: 00007FF7DD3EDD7C
Chrome.MessageLoopProblem, xrefs: 00007FF7DD3EDCFA

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: Chrome.MessageLoopProblem$Chrome.MessageLoopProblem.MESSAGE_POST_ERROR
API String ID: 2882836952-260003203
Opcode ID: e0bdd39629f94e8f9309321ebf97e51211acb55f14d659b634446e7ff284b8a7
Instruction ID: 0c9847d42d39d40e5ff3772c7c16340c7264175732aa80741b4308b01b67395a
Opcode Fuzzy Hash: e0bdd39629f94e8f9309321ebf97e51211acb55f14d659b634446e7ff284b8a7
Instruction Fuzzy Hash: 30218231A1C69686E720AB25F95076EA7A0AB98B84FD4513ADE4E43B94EF3CE041C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD54E234, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_set_errno_from_matherr.LIBCMT ref: 00007FF7DD54E2E0
_set_errno_from_matherr.LIBCMT ref: 00007FF7DD54E2F4

Strings

pow, xrefs: 00007FF7DD54E25B

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: _set_errno_from_matherr
String ID: pow
API String ID: 1187470696-2276729525
Opcode ID: 429e2b4a7938953cf92125b16cd6668a6ce4d1040fa9120c4f9d56c0fceb8ba4
Instruction ID: 224ec431407da39ea629776bfd2b7fe06a891ec58ccdcd3ca4cad8b98b6dc63c
Opcode Fuzzy Hash: 429e2b4a7938953cf92125b16cd6668a6ce4d1040fa9120c4f9d56c0fceb8ba4
Instruction Fuzzy Hash: F8211236A1C649CBD760DF68A45426EB7A0FB99740FE04136FA8E86B55EF3CE4108F11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD544018, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF7DD544051
LCMapStringW.KERNEL32 ref: 00007FF7DD5440D9

Strings

LCMapStringEx, xrefs: 00007FF7DD544045

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Stringtry_get_function
String ID: LCMapStringEx
API String ID: 2588686239-3893581201
Opcode ID: c9154e718954ce0cc48431baa4e73692e780caf7a0179db1e55feb9a3cbe804f
Instruction ID: fcb2aa5c0772ecd20d7d76e1d92418dd00a547189601faf1cb57f1f3bbfa3e02
Opcode Fuzzy Hash: c9154e718954ce0cc48431baa4e73692e780caf7a0179db1e55feb9a3cbe804f
Instruction Fuzzy Hash: 1011293660CB8586D760DB06F4402AAB7A5FBC9B84F944136EE8E43B19EF3CD4508B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F9440, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3F9499
_Init_thread_footer.LIBCMT ref: 00007FF7DD3F9507

Strings

SharedMemoryTracker, xrefs: 00007FF7DD3F94E7

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: SharedMemoryTracker
API String ID: 4092853384-4257729663
Opcode ID: 7a628902c22428a5dbb0df7fd5d131dd6e4f7a58d55a4824571f9e50a276a032
Instruction ID: 330aa71c42847503d87b4505180342b714e48e8502de1335c4105459c60cd925
Opcode Fuzzy Hash: 7a628902c22428a5dbb0df7fd5d131dd6e4f7a58d55a4824571f9e50a276a032
Instruction Fuzzy Hash: 6F114C6191CA5A81EA10FB24E8806BDB364AB94750FC01237ED5F42BA1EE3CF185C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD520D0C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7DD521C93), ref: 00007FF7DD520D50
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7DD521C93), ref: 00007FF7DD520D96

Strings

csm, xrefs: 00007FF7DD520D83

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 8c1000bcb15f442ca7b8db2b3155eacf47d8028713f29548b38ffa2c71bac17f
Instruction ID: 3b6c6d7638932ba2902796c29e6a352954902398fa11e9443cd803bb2d728a3c
Opcode Fuzzy Hash: 8c1000bcb15f442ca7b8db2b3155eacf47d8028713f29548b38ffa2c71bac17f
Instruction Fuzzy Hash: 5F112E3261AB4582EB619B15F44035DBBA5FB84B84F984232EE8D07B54EF3CD555C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD54C94C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DD54C97C

Strings

:, xrefs: 00007FF7DD54C994

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: :
API String ID: 3215553584-336475711
Opcode ID: 4369bce06ef8d7a59414143dda59324a68c479c1728433a49e560071dc270ba5
Instruction ID: 0e86fb160cb94df210bbe57ea8cea32ed5c1749816d4a71893e9b647006f894a
Opcode Fuzzy Hash: 4369bce06ef8d7a59414143dda59324a68c479c1728433a49e560071dc270ba5
Instruction Fuzzy Hash: 9A01A26291C60A91F720BB60985517EA360EF89744FD41037DD5F86685FF3CE1088A35

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F63C0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,00007FF7DD3F639D,?,?,?,00007FF7DD3F6381,?,?,?,00007FF7DD3DDC80), ref: 00007FF7DD3F63DC
GetProcAddress.KERNEL32(?,?,?,?,00007FF7DD3F639D,?,?,?,00007FF7DD3F6381,?,?,?,00007FF7DD3DDC80), ref: 00007FF7DD3F63EC

Strings

GetHandleVerifier, xrefs: 00007FF7DD3F63E2

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: 99696aeb022311ca4dce7bcd347c5f492dbce91ebea54896bbd3e5133cf8cda5
Instruction ID: e078b2a2b7483c25f62f321de5aa109d03173a729e83be3d61704f07851cfc77
Opcode Fuzzy Hash: 99696aeb022311ca4dce7bcd347c5f492dbce91ebea54896bbd3e5133cf8cda5
Instruction Fuzzy Hash: 55F0B220E0EA1BC1EE19BB35A8653BDD2916F44745FD4543FD81F422A0FE3DA5A98230

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F3C50, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3F3C88
_Init_thread_footer.LIBCMT ref: 00007FF7DD3F3CBE

Strings

dummy_histogram, xrefs: 00007FF7DD3F3C9D

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: dummy_histogram
API String ID: 4092853384-2199933292
Opcode ID: 4b9888b21ba7aacfdaf84134cfeedf248216b0a74d8334184b17d7aad6236582
Instruction ID: 2baa97cb71b5e4f3ff46f9caee96321680669c4cddf1241aaf0e6bb1810815b6
Opcode Fuzzy Hash: 4b9888b21ba7aacfdaf84134cfeedf248216b0a74d8334184b17d7aad6236582
Instruction Fuzzy Hash: 66F0F664A0CA6AD5EA10FB14E9905BDB360BB41351FC01137DD1F422A1FE3CB599C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD543CBC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF7DD543CE5
TlsSetValue.KERNEL32(?,?,?,00007FF7DD54354A,?,?,?,00007FF7DD51F269,?,?,?,?,00007FF7DD5429D6,?,?,00000000), ref: 00007FF7DD543CFC

Strings

FlsSetValue, xrefs: 00007FF7DD543CD2

Memory Dump Source

Source File: 0000000C.00000002.1755602424.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000C.00000002.1755556340.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756017604.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756061463.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756156798.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000C.00000002.1756176199.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756198536.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000C.00000002.1756222315.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000C.00000002.1756266100.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Valuetry_get_function
String ID: FlsSetValue
API String ID: 738293619-3750699315
Opcode ID: 881b8ff1347d7087cbdc35237b78d32caef69fa9393fc77eb741cac2d332a54a
Instruction ID: 7408631d83bab467fd0b0d8c0dd326bd70faf46c7a21025c67a55d10bf9e8618
Opcode Fuzzy Hash: 881b8ff1347d7087cbdc35237b78d32caef69fa9393fc77eb741cac2d332a54a
Instruction Fuzzy Hash: 76E06561A0C60E81FB447B51F4055BDA262AF48B81FD84037DD5F062A5EE3CD854C321

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: wavebrowser.exe PID: 6748 Parent PID: 3124 wavebrowser.exeCOMMON

Executed Functions

Function 00007FF7DD3E86F0, Relevance: 1.5, APIs: 1, Instructions: 26
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000318,?,?,00007FF7DD51EFB3,?,?,?,00007FF7DD3D13B2,?,?,?,00007FF7DD3D1298), ref: 00007FF7DD3E870A

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e8dd1281c0960b0203101ac5dec9e439b2352e7326a5c791374b8b090f7a55bb
Instruction ID: 650a1a379d76416644a09cc1b07808c15ddefbbf4f17c4b4904d1e6315f63b61
Opcode Fuzzy Hash: e8dd1281c0960b0203101ac5dec9e439b2352e7326a5c791374b8b090f7a55bb
Instruction Fuzzy Hash: 8DE06D15E0C27582FE6567166A0067EC6804F99FE4ED85136CD5D02BC1BD2CA4826A20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD51EF94, Relevance: 1.5, APIs: 1, Instructions: 22
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7DD3E86F0: RtlAllocateHeap.NTDLL(00000318,?,?,00007FF7DD51EFB3,?,?,?,00007FF7DD3D13B2,?,?,?,00007FF7DD3D1298), ref: 00007FF7DD3E870A

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7DD51EFC4

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AllocateConcurrency::cancel_current_taskHeap
String ID:
API String ID: 333155141-0
Opcode ID: 9058a0fa0175ce80cacc03f0af2fc47cb033d11c1964f8514bf8ae7b30eff2f0
Instruction ID: 13ea5f303f42bd54f30f70ce8fef7392d127fe929365a9af458b1e08150c9425
Opcode Fuzzy Hash: 9058a0fa0175ce80cacc03f0af2fc47cb033d11c1964f8514bf8ae7b30eff2f0
Instruction Fuzzy Hash: 1BE0B600E2D14F81FD283AA114564BDD4440F59370EEC1B36ED3F692C2BD2CA4A94170

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF7DD3E87A0, Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 402
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7DD3DA9F0: GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DAA46

Part of subcall function 00007FF7DD3DB1D0: TlsGetValue.KERNEL32 ref: 00007FF7DD3DB1E2

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E88CF
_Init_thread_header.LIBCMT ref: 00007FF7DD3E8BD8
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E8C09
_Init_thread_header.LIBCMT ref: 00007FF7DD3E8C4E
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E8C7F

Strings

../../base/trace_event/trace_log.cc, xrefs: 00007FF7DD3E8CF4
ThreadController::Suspended, xrefs: 00007FF7DD3E87A9

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentInit_thread_footerInit_thread_headerThread$Value
String ID: ../../base/trace_event/trace_log.cc$ThreadController::Suspended
API String ID: 1297581222-2367873125
Opcode ID: 9f9ceca21406228675c9fde992cad3ecd12e07632bf4beccbdaf882a86b1872f
Instruction ID: e25929a76f55cd256c3d7f8ed13c141d4ddb5077fc0e42ec7a3c1af27af5b6f9
Opcode Fuzzy Hash: 9f9ceca21406228675c9fde992cad3ecd12e07632bf4beccbdaf882a86b1872f
Instruction Fuzzy Hash: 71123E32A0DAC5C6E665AB15E4403AEF7A0FB99794FC44236DE9D43795EF3CE0418B20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D9550, Relevance: 14.4, APIs: 3, Strings: 5, Instructions: 409
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3D9A67
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3D9B86

Part of subcall function 00007FF7DD3DA380: GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DA3C7

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3D9D3C

Strings

ThreadControllerImpl::RunTask, xrefs: 00007FF7DD3D96B7
SequenceManager RunTask, xrefs: 00007FF7DD3D9836
RunTask, xrefs: 00007FF7DD3D9BD3
ThreadControllerImpl::DoWork, xrefs: 00007FF7DD3D9AAD
ThreadController: application tasks disallowed, xrefs: 00007FF7DD3D9D80

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: RunTask$SequenceManager RunTask$ThreadController: application tasks disallowed$ThreadControllerImpl::DoWork$ThreadControllerImpl::RunTask
API String ID: 2882836952-2544356614
Opcode ID: a133c6b2e5acb1531985be9a1534e4809357127fd08f52038911d470d1a15bfd
Instruction ID: 9ad36d6e64d51cd2b7ac449f5300d388b4ab8808e8b4b958139d7b5cb931e87d
Opcode Fuzzy Hash: a133c6b2e5acb1531985be9a1534e4809357127fd08f52038911d470d1a15bfd
Instruction Fuzzy Hash: 6B225F31A0CAC6C5E661AB25E5513EEE7A0FB84794FC8413ADA8D07795EF3CE054CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DEA70, Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 409
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DF10F

Strings

SequenceManager, xrefs: 00007FF7DD3DF08F
snapshot, xrefs: 00007FF7DD3DF041
SequenceManager.YieldToNative, xrefs: 00007FF7DD3DF207, 00007FF7DD3DF22E
SequenceManagerImpl::SelectNextTask, xrefs: 00007FF7DD3DF154

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: SequenceManager$SequenceManager.YieldToNative$SequenceManagerImpl::SelectNextTask$snapshot
API String ID: 2882836952-1676124652
Opcode ID: 7340c877c7cec22c55e562cc82b4cc2f5abd6a2aaca3800549e2d4907f30a948
Instruction ID: 2414c63dab1a9405557e11c67027a1a7b74e4054bab2c3d27f5544d26c82126d
Opcode Fuzzy Hash: 7340c877c7cec22c55e562cc82b4cc2f5abd6a2aaca3800549e2d4907f30a948
Instruction Fuzzy Hash: 4612B52260CBC585EA65AB65E4603EEE7A0FB85784FC84237DA8E13795EF7CE045C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD5369D0, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 328fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF7DD536A3F
WriteFile.KERNEL32 ref: 00007FF7DD536CF6
WriteFile.KERNEL32 ref: 00007FF7DD536D48
GetLastError.KERNEL32 ref: 00007FF7DD536E4A
GetLastError.KERNEL32 ref: 00007FF7DD536EAA

Strings

MZx, xrefs: 00007FF7DD536A0B, 00007FF7DD536AAA, 00007FF7DD536B52, 00007FF7DD536C1A, 00007FF7DD536D94, 00007FF7DD536E1E

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorFileLastWrite$ConsoleOutput
String ID: MZx
API String ID: 1443284424-2575928145
Opcode ID: 8a860757fd3e21eabc79faa7ccf6e34d2bf08f84774a7b84ea60bec0f007be46
Instruction ID: 8134e522cd39e4721b3843f660ff8437465059bdce93b4cb38e38b8ef415eebf
Opcode Fuzzy Hash: 8a860757fd3e21eabc79faa7ccf6e34d2bf08f84774a7b84ea60bec0f007be46
Instruction Fuzzy Hash: FDE1F022B1CA899AE701DF64D4401ADBBB1FB45788FC4813BDE4E57B98EE78D41AC710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD532534, Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF7DD5325AD
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7DD5325C5
RtlVirtualUnwind.KERNEL32 ref: 00007FF7DD532600
IsDebuggerPresent.KERNEL32 ref: 00007FF7DD532639
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7DD532643
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7DD53264E

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 3ea562e2f8e7a4318af99a092c1169bc9dda556f248615854f2b11d062294bb1
Instruction ID: 0ede1efe9dcfdd2833cca7c8a0ce6f9256e7ba6b5fa1c06a8744bee952612a05
Opcode Fuzzy Hash: 3ea562e2f8e7a4318af99a092c1169bc9dda556f248615854f2b11d062294bb1
Instruction Fuzzy Hash: 15317F36608F8585DB609B25E8406AEB3A4FB88754FD40136EE9E43B58EF38C159CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3ECDC0, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3ECFA0
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3ED044

Strings

MessagePumpForUI::WaitForWork PeekMessage, xrefs: 00007FF7DD3ED09F, 00007FF7DD3ED0E2
MessagePumpForUI::WaitForWork GetQueueStatus, xrefs: 00007FF7DD3ECFED, 00007FF7DD3ED022

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: MessagePumpForUI::WaitForWork GetQueueStatus$MessagePumpForUI::WaitForWork PeekMessage
API String ID: 2882836952-3056387654
Opcode ID: efcd120020928fb2f9748679d09c33d511815909317ccfe57d198f94718f2f5a
Instruction ID: 43151a76a202b81cb6193d7b03f30b5521341770d7b73ef81885bb1793b95603
Opcode Fuzzy Hash: efcd120020928fb2f9748679d09c33d511815909317ccfe57d198f94718f2f5a
Instruction Fuzzy Hash: 6BA1517261C68685E720AB29E4113AEF7E0FB89754FC4523AEA9D43795EF3CE045CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F01A2, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 184COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3F01D9

Strings

33333333, xrefs: 00007FF7DD3F02FE
UUUUUUUU, xrefs: 00007FF7DD3F02EB

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AcquireExclusiveLock
String ID: 33333333$UUUUUUUU
API String ID: 4021432409-3483174168
Opcode ID: 7a6ca96141da4f78a26eb42963c7a7724b7f1ebb8bc9c9b6e1cc4ee59a66581a
Instruction ID: a5b3a572a2e2ab7eb8df491ee3633a05a1cb97694d25b9168b8960dca9011588
Opcode Fuzzy Hash: 7a6ca96141da4f78a26eb42963c7a7724b7f1ebb8bc9c9b6e1cc4ee59a66581a
Instruction Fuzzy Hash: C7619152F8E95AC1EE24A7259A143BDD252BB55BE1FCC8037CD5D07B99FE3CE1818220

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3ECAF0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 159threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3ECC00

Part of subcall function 00007FF7DD3DA380: GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DA3C7

Strings

MessagePumpForUI::ProcessNextWindowsMessage GetQueueStatus, xrefs: 00007FF7DD3ECC46
MessagePumpForUI::ProcessNextWindowsMessage PeekMessage, xrefs: 00007FF7DD3ECCB2

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: MessagePumpForUI::ProcessNextWindowsMessage GetQueueStatus$MessagePumpForUI::ProcessNextWindowsMessage PeekMessage
API String ID: 2882836952-1151399461
Opcode ID: 3802ec687e35e82bd7d06fabc6278b7381b8886d3c04e70e3c3aa3227abe5153
Instruction ID: 910be48c585fdd9f2d4e59abe55f1abc0c1124f759e139f647297aff944402ac
Opcode Fuzzy Hash: 3802ec687e35e82bd7d06fabc6278b7381b8886d3c04e70e3c3aa3227abe5153
Instruction Fuzzy Hash: 43618231A1C69685E620AB25E8113FEE7A0BF99784FC45236EE8D03795EF3CE145C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD45D940, Relevance: 40.5, APIs: 2, Strings: 21, Instructions: 294
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD45D978
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD45D9F1

Strings

name, xrefs: 00007FF7DD45D9A1
time_domain_name, xrefs: 00007FF7DD45DAA0
any_thread_.immediate_incoming_queuesize, xrefs: 00007FF7DD45DAC9
priority, xrefs: 00007FF7DD45DD7A
delayed_fence_seconds_from_now, xrefs: 00007FF7DD45DD27
immediate_work_queue, xrefs: 00007FF7DD45DE1B
delay_to_next_task_ms, xrefs: 00007FF7DD45DCB7
any_thread_.immediate_incoming_queuecapacity, xrefs: 00007FF7DD45DBA0
delayed_work_queue, xrefs: 00007FF7DD45DDEA
enabled, xrefs: 00007FF7DD45DA71
delayed_work_queue_size, xrefs: 00007FF7DD45DB5E
current_fence, xrefs: 00007FF7DD45DCE8
unregistered, xrefs: 00007FF7DD45D9C9
immediate_work_queue_capacity, xrefs: 00007FF7DD45DBDF
delayed_incoming_queue, xrefs: 00007FF7DD45DE48
delayed_incoming_queue_size, xrefs: 00007FF7DD45DB04
immediate_work_queue_size, xrefs: 00007FF7DD45DB31
0x%llx, xrefs: 00007FF7DD45DA1E
delayed_work_queue_capacity, xrefs: 00007FF7DD45DC1F
immediate_incoming_queue, xrefs: 00007FF7DD45DDB9
task_queue_id, xrefs: 00007FF7DD45DA35

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: 0x%llx$any_thread_.immediate_incoming_queuecapacity$any_thread_.immediate_incoming_queuesize$current_fence$delay_to_next_task_ms$delayed_fence_seconds_from_now$delayed_incoming_queue$delayed_incoming_queue_size$delayed_work_queue$delayed_work_queue_capacity$delayed_work_queue_size$enabled$immediate_incoming_queue$immediate_work_queue$immediate_work_queue_capacity$immediate_work_queue_size$name$priority$task_queue_id$time_domain_name$unregistered
API String ID: 17069307-2174853566
Opcode ID: f120018444aa25a9c5b3d999b964c96b24bd52b841ea6cf0629c57ab3d7d9949
Instruction ID: 516ba54eb1b576359d1f486d1dd952193a900c888871e0b549d5f2fcf8802e18
Opcode Fuzzy Hash: f120018444aa25a9c5b3d999b964c96b24bd52b841ea6cf0629c57ab3d7d9949
Instruction Fuzzy Hash: FDE1076260CB8A94EB50AF15E4543ADB364FB89B88FC48036DE4E07755EF7DD189C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD544234, Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF7DD54424F
try_get_function.LIBVCRUNTIME ref: 00007FF7DD54426E

Part of subcall function 00007FF7DD544390: GetProcAddress.KERNEL32(?,?,00000005,00007FF7DD543CEA,?,?,?,00007FF7DD54354A,?,?,?,00007FF7DD51F269), ref: 00007FF7DD5444E8

try_get_function.LIBVCRUNTIME ref: 00007FF7DD54428D

Part of subcall function 00007FF7DD544390: LoadLibraryExW.KERNEL32(?,?,00000005,00007FF7DD543CEA,?,?,?,00007FF7DD54354A,?,?,?,00007FF7DD51F269), ref: 00007FF7DD544433
Part of subcall function 00007FF7DD544390: GetLastError.KERNEL32(?,?,?,00007FF7DD54354A,?,?,?,00007FF7DD51F269,?,?,?,?,00007FF7DD5429D6,?,?,00000000), ref: 00007FF7DD544441
Part of subcall function 00007FF7DD544390: LoadLibraryExW.KERNEL32(?,?,?,00007FF7DD54354A,?,?,?,00007FF7DD51F269,?,?,?,?,00007FF7DD5429D6,?,?,00000000), ref: 00007FF7DD544483

try_get_function.LIBVCRUNTIME ref: 00007FF7DD5442AC

Part of subcall function 00007FF7DD544390: FreeLibrary.KERNEL32(?,?,?,00007FF7DD54354A,?,?,?,00007FF7DD51F269,?,?,?,?,00007FF7DD5429D6,?,?,00000000), ref: 00007FF7DD5444BC

try_get_function.LIBVCRUNTIME ref: 00007FF7DD5442CB
try_get_function.LIBVCRUNTIME ref: 00007FF7DD5442EA
try_get_function.LIBVCRUNTIME ref: 00007FF7DD544309
try_get_function.LIBVCRUNTIME ref: 00007FF7DD544328
try_get_function.LIBVCRUNTIME ref: 00007FF7DD544347
try_get_function.LIBVCRUNTIME ref: 00007FF7DD544366

Strings

GetUserDefaultLocaleName, xrefs: 00007FF7DD5442EF, 00007FF7DD544302
GetDateFormatEx, xrefs: 00007FF7DD544292, 00007FF7DD5442A5
GetLocaleInfoEx, xrefs: 00007FF7DD5442C4
CompareStringEx, xrefs: 00007FF7DD544267
LCIDToLocaleName, xrefs: 00007FF7DD54434C, 00007FF7DD54435F
LCMapStringEx, xrefs: 00007FF7DD544340
LocaleNameToLCID, xrefs: 00007FF7DD54436B, 00007FF7DD54437E
EnumSystemLocalesEx, xrefs: 00007FF7DD544273, 00007FF7DD544286
IsValidLocaleName, xrefs: 00007FF7DD54430E, 00007FF7DD544321
GetTimeFormatEx, xrefs: 00007FF7DD5442D0, 00007FF7DD5442E3
AreFileApisANSI, xrefs: 00007FF7DD544248

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
API String ID: 3255926029-3252031757
Opcode ID: f83c9ce4c80e8a4b52c03f58ea9f84798ef6b9b10d27f24e1776d122edcfa0f4
Instruction ID: 0c534558337524e50b574dbaa9af952a4b0260c17d279c26f712038e0cd7f4ac
Opcode Fuzzy Hash: f83c9ce4c80e8a4b52c03f58ea9f84798ef6b9b10d27f24e1776d122edcfa0f4
Instruction Fuzzy Hash: 47315E7491CA4FA1EB44FB50E8616FCA325AB04746FD04033DD0F061A7EE7CA689C362

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D89D0, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 117
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThread.KERNEL32 ref: 00007FF7DD3D8A2E
GetThreadPriority.KERNEL32 ref: 00007FF7DD3D8A33
GetCurrentThread.KERNEL32 ref: 00007FF7DD3D8A3B
SetThreadPriority.KERNEL32 ref: 00007FF7DD3D8A45
QueryPerformanceCounter.KERNEL32 ref: 00007FF7DD3D8AAA
GetCurrentThread.KERNEL32 ref: 00007FF7DD3D8AB3
SetThreadPriority.KERNEL32 ref: 00007FF7DD3D8ABE
QueryPerformanceFrequency.KERNEL32 ref: 00007FF7DD3D8ACF
_Init_thread_header.LIBCMT ref: 00007FF7DD3D8B66
_Init_thread_footer.LIBCMT ref: 00007FF7DD3D8B8F
_Init_thread_header.LIBCMT ref: 00007FF7DD3D8BA0
QueryPerformanceCounter.KERNEL32 ref: 00007FF7DD3D8BC1
_Init_thread_footer.LIBCMT ref: 00007FF7DD3D8BD8

Strings

ThreadController::Suspended, xrefs: 00007FF7DD3D89D5

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Thread$CurrentPerformancePriorityQuery$CounterInit_thread_footerInit_thread_header$Frequency
String ID: ThreadController::Suspended
API String ID: 521408450-805077164
Opcode ID: e6ff1d6724994a36753450347ca56ec8e7f8eddf14eb61fe2da00d67f8dc330e
Instruction ID: 5ef128903bb97a6244434aebbf95d23b5292335a8db28bfc09f9586a32f5ecb8
Opcode Fuzzy Hash: e6ff1d6724994a36753450347ca56ec8e7f8eddf14eb61fe2da00d67f8dc330e
Instruction Fuzzy Hash: 8551CB21A0CA5A8AE612AB34E951A3DE365BF44791FC55333DD0F126A1EF3CB186C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E7CF0, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 236
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3E7D68
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E7D9C
_Init_thread_header.LIBCMT ref: 00007FF7DD3E7DFF
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E7E2C

Strings

event_name_whitelist, xrefs: 00007FF7DD3E8024
event_whitelist_predicate, xrefs: 00007FF7DD3E7E56, 00007FF7DD3E7E8E
heap_profiler_predicate, xrefs: 00007FF7DD3E7EAF, 00007FF7DD3E7ED7

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: event_name_whitelist$event_whitelist_predicate$heap_profiler_predicate
API String ID: 4092853384-959554088
Opcode ID: 4668c24c9cbfce320478ebb669e2ef7e335c983ba2266b06c341713edacb18e2
Instruction ID: ecab42973558370bcc6f5f8f21f1da197a2141d1f77a2e229575eb20ea6460a4
Opcode Fuzzy Hash: 4668c24c9cbfce320478ebb669e2ef7e335c983ba2266b06c341713edacb18e2
Instruction Fuzzy Hash: 9AB13922A0DA4685EA40EB15E45077DF3A1EB84B90FD05636EE5E477E1EF7CE845C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E85A0, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 93
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF7DD3E8658
GetProcAddress.KERNEL32 ref: 00007FF7DD3E866E
FreeLibrary.KERNEL32 ref: 00007FF7DD3E8693
GetModuleHandleExW.KERNEL32 ref: 00007FF7DD3E86DF

Strings

advapi32.dll, xrefs: 00007FF7DD3E86CF
EventSetInformation, xrefs: 00007FF7DD3E8667
Google.Chrome, xrefs: 00007FF7DD3E85AA
api-ms-win-eventing-provider-l1-1-0.dll, xrefs: 00007FF7DD3E864D

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID: EventSetInformation$Google.Chrome$advapi32.dll$api-ms-win-eventing-provider-l1-1-0.dll
API String ID: 3947729631-1037291142
Opcode ID: e0118fe434a9e0d62070b9cdb7bf355e07768046950d393a9f2f0cfe58c6398e
Instruction ID: 5588de113f1cfce091231532d0d230535adf0fe6db23cd746f8f60aea66158a9
Opcode Fuzzy Hash: e0118fe434a9e0d62070b9cdb7bf355e07768046950d393a9f2f0cfe58c6398e
Instruction Fuzzy Hash: B0316271A0C65682E720AB12E94067EE3A5FB9CB94FC44137DE5F47790EE3CE5058310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E5EC0, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 180
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E5F6A
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E5F9A
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E6137

Strings

TaskQueueImpl::UnregisterTaskQueue, xrefs: 00007FF7DD3E6177
UnregisterTaskQueue, xrefs: 00007FF7DD3E5F22
../../base/task/sequence_manager/task_queue_impl.cc, xrefs: 00007FF7DD3E5F29
SequenceManagerImpl::UnregisterTaskQueue, xrefs: 00007FF7DD3E5EC6

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread
String ID: ../../base/task/sequence_manager/task_queue_impl.cc$SequenceManagerImpl::UnregisterTaskQueue$TaskQueueImpl::UnregisterTaskQueue$UnregisterTaskQueue
API String ID: 135963836-340724832
Opcode ID: d75d3a1234f69bde1e2c14f2a8c856ef7bc6c21922fe9001a17d7c986dc218c4
Instruction ID: 9fd7a2682408c909f76d3385bc74e4502bf977ae63512ff5e690bfbcaac62f42
Opcode Fuzzy Hash: d75d3a1234f69bde1e2c14f2a8c856ef7bc6c21922fe9001a17d7c986dc218c4
Instruction Fuzzy Hash: 6F81A421A0C795D2EA15AB21D5103BEE350BF49794FC4463ADE5E07AC6EF3CE466C321

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EC0D0, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 179
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetQueuedCompletionStatus.KERNEL32 ref: 00007FF7DD3EC162
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3EC1C3
GetLastError.KERNEL32 ref: 00007FF7DD3EC2DD

Strings

IOHandler::OnIOCompleted, xrefs: 00007FF7DD3EC236
base,toplevel, xrefs: 00007FF7DD3EC2F4
dest_func, xrefs: 00007FF7DD3EC1F9
dest_file, xrefs: 00007FF7DD3EC1ED

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CompletionCurrentErrorLastQueuedStatusThread
String ID: IOHandler::OnIOCompleted$base,toplevel$dest_file$dest_func
API String ID: 2913705192-2347511066
Opcode ID: 0957a8ff4923b11aa0766193fa9110d1c71591c6b82ccad42d1c8f9595c70007
Instruction ID: a312adf5157ba208383e115d4d284369a5ed607a3b7fd093c1cbcccef52fddc2
Opcode Fuzzy Hash: 0957a8ff4923b11aa0766193fa9110d1c71591c6b82ccad42d1c8f9595c70007
Instruction Fuzzy Hash: 7681513290CB8586EA51AB59E84036EE7A0FB89790FD4423AEA8D43B95EF7CD045C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E32A0, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E348D

Strings

SequenceManager PostTask, xrefs: 00007FF7DD3E32AD
task_queue_name, xrefs: 00007FF7DD3E34D3

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: SequenceManager PostTask$task_queue_name
API String ID: 2882836952-41416774
Opcode ID: a1c9b27b2347c1c029bb57e9d484921d2305d747d545dfe1afb63170077cbbb0
Instruction ID: 61b1f230d6a0d02c771c676259236eac0facdf250542bbcd634047eb5772834c
Opcode Fuzzy Hash: a1c9b27b2347c1c029bb57e9d484921d2305d747d545dfe1afb63170077cbbb0
Instruction Fuzzy Hash: A1816832A0CA4685EA14EB15E5447BDE7A0EB98794FC4523ADE4E436E1EF3CE085C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD46CC80, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 123
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD46CCEA
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD46CDB4

Strings

task_posted_to_disabled_queue, xrefs: 00007FF7DD46CD5E, 00007FF7DD46CE26
task_queue_name, xrefs: 00007FF7DD46CD17
time_since_disabled_ms, xrefs: 00007FF7DD46CD23
location, xrefs: 00007FF7DD46CDE5
ipc_hash, xrefs: 00007FF7DD46CDD9

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: ipc_hash$location$task_posted_to_disabled_queue$task_queue_name$time_since_disabled_ms
API String ID: 2882836952-2004826100
Opcode ID: c3c7bf5c540ce4937e0a2cc64c50e52e6b5c63adabb9a6f0f9364cd4e3f8b309
Instruction ID: 435b8daeb8cebde8437acff5e8591c78c51c5c2c982525715d4baf56606f0385
Opcode Fuzzy Hash: c3c7bf5c540ce4937e0a2cc64c50e52e6b5c63adabb9a6f0f9364cd4e3f8b309
Instruction Fuzzy Hash: EA51AC3290CB8586E611EB11E9546AEBBA4FB89780FD44236EE8E03B55EF3CD045DB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD54FC1C, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF7DD54FB43,?,?,00000000,00007FF7DD53F7FE,?,?,?,00007FF7DD520CF9), ref: 00007FF7DD54FC9F
GetLastError.KERNEL32(?,00007FF7DD54FB43,?,?,00000000,00007FF7DD53F7FE,?,?,?,00007FF7DD520CF9), ref: 00007FF7DD54FCAD
LoadLibraryExW.KERNEL32(?,00007FF7DD54FB43,?,?,00000000,00007FF7DD53F7FE,?,?,?,00007FF7DD520CF9), ref: 00007FF7DD54FCD7
FreeLibrary.KERNEL32(?,00007FF7DD54FB43,?,?,00000000,00007FF7DD53F7FE,?,?,?,00007FF7DD520CF9), ref: 00007FF7DD54FD1D
GetProcAddress.KERNEL32(?,00007FF7DD54FB43,?,?,00000000,00007FF7DD53F7FE,?,?,?,00007FF7DD520CF9), ref: 00007FF7DD54FD29

Strings

MZx, xrefs: 00007FF7DD54FC3A, 00007FF7DD54FCE8, 00007FF7DD54FD06
api-ms-, xrefs: 00007FF7DD54FCBF

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: MZx$api-ms-
API String ID: 2559590344-259127448
Opcode ID: e1a67f764d0701f993f61e262d9f36da8f7bf638ab31bd634c889dd8f09048ca
Instruction ID: a2d789ab33f4573332f13c3b9a04d799e6ccbd20800603347923a59d589a3250
Opcode Fuzzy Hash: e1a67f764d0701f993f61e262d9f36da8f7bf638ab31bd634c889dd8f09048ca
Instruction Fuzzy Hash: 4031C625A0EA4AD5EE11AB06A80453DA394BF48B64FD90537DD2E4B3D4FF3CE0498321

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F3FD0, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 227fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNEL32 ref: 00007FF7DD3F40A1
GetLastError.KERNEL32 ref: 00007FF7DD3F40B0
FindClose.KERNEL32 ref: 00007FF7DD3F4364

Strings

Next, xrefs: 00007FF7DD3F4026
../../base/files/file_enumerator_win.cc, xrefs: 00007FF7DD3F402D

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Find$CloseErrorFileLastNext
String ID: ../../base/files/file_enumerator_win.cc$Next
API String ID: 256431386-3065876524
Opcode ID: 12e26cf172c68d053c303adeccb982d7ada4b9e58bf6315664bdebc3b63edce3
Instruction ID: f701c84b4b733243b00cb5a245cdf90a092d28756ea0c4973397af6757a6c16a
Opcode Fuzzy Hash: 12e26cf172c68d053c303adeccb982d7ada4b9e58bf6315664bdebc3b63edce3
Instruction Fuzzy Hash: E4B17D21A0CA8AD2EA54AB25E5453FEE3A4FB80790FC44136EA9D437A5EF3CE455C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DADF0, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 203threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DB027

Strings

ipc_hash, xrefs: 00007FF7DD3DB067
TaskAnnotator::RunTask, xrefs: 00007FF7DD3DB09F

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: TaskAnnotator::RunTask$ipc_hash
API String ID: 2882836952-1447593005
Opcode ID: 2232c6525735e3875e83390fb7bc2c02a639102ed046c83e56a39718e9f32e34
Instruction ID: 5e8a10f619054541c1bc277f782b5ecb3185a1b69b7ec29552379eadd5493417
Opcode Fuzzy Hash: 2232c6525735e3875e83390fb7bc2c02a639102ed046c83e56a39718e9f32e34
Instruction Fuzzy Hash: A9A14C3290CBC585E660AB25E9503AEF7A4FB94794FC4513AEA8D477A5EF3CE044CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E67C0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 105threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32 ref: 00007FF7DD3E6838
GetLastError.KERNEL32 ref: 00007FF7DD3E6871
CloseHandle.KERNEL32 ref: 00007FF7DD3E689F
_Init_thread_header.LIBCMT ref: 00007FF7DD3E691D
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E694A

Strings

create_thread_last_error, xrefs: 00007FF7DD3E692B

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CloseCreateErrorHandleInit_thread_footerInit_thread_headerLastThread
String ID: create_thread_last_error
API String ID: 1016829980-3219933969
Opcode ID: 7a6452c9581b7e9f4fa9c4afed82931426a16e28c6a04a87af243b7f1935a37d
Instruction ID: 7f529649e8ebb288587752301269f195cf55c64b14616b26780cf56c1789c062
Opcode Fuzzy Hash: 7a6452c9581b7e9f4fa9c4afed82931426a16e28c6a04a87af243b7f1935a37d
Instruction Fuzzy Hash: 8E417A21A0D65686FA10BB51E8506BDE7A1BB88B90FC44A3BED4F476D1EE3CF4558320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD4220E0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79synchronizationthreadCOMMON

Download Yara Rule

APIs

GetThreadId.KERNEL32 ref: 00007FF7DD42210C
GetLastError.KERNEL32 ref: 00007FF7DD422222

Part of subcall function 00007FF7DD422240: GetThreadId.KERNEL32 ref: 00007FF7DD42225E

WaitForSingleObject.KERNEL32 ref: 00007FF7DD4221D0
CloseHandle.KERNEL32 ref: 00007FF7DD4221E2

Strings

Join, xrefs: 00007FF7DD422199
../../base/threading/platform_thread_win.cc, xrefs: 00007FF7DD4221A0

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Thread$CloseErrorHandleLastObjectSingleWait
String ID: ../../base/threading/platform_thread_win.cc$Join
API String ID: 3108261205-821740204
Opcode ID: 7c39c805498682cb1504f7e2a45ff05aada03280f8321ddb953a005adcdd047d
Instruction ID: b54473c4f1bfcb1182429cd19f45b8b95b968a6ad65bb8b0642e1bfce5c3b12b
Opcode Fuzzy Hash: 7c39c805498682cb1504f7e2a45ff05aada03280f8321ddb953a005adcdd047d
Instruction Fuzzy Hash: 48314F21A1CAD591E621AB24E4417FEE3B5EF94794FC40132DA8E03665FF3DD546CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD5514BC, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF7DD5514ED
GetLastError.KERNEL32 ref: 00007FF7DD5514F9
CloseHandle.KERNEL32 ref: 00007FF7DD551511
CreateFileW.KERNEL32 ref: 00007FF7DD55153C
WriteConsoleW.KERNEL32 ref: 00007FF7DD55155B

Strings

CONOUT$, xrefs: 00007FF7DD55151D

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: fc28143af0c14e0b7095b76b25fe1e775dbfad104472ddec1544366983cce9f4
Instruction ID: 7046b33bec4030065c88bc7f3cf6ab6385e87949014c1705afd0bc2b7f09a4a6
Opcode Fuzzy Hash: fc28143af0c14e0b7095b76b25fe1e775dbfad104472ddec1544366983cce9f4
Instruction Fuzzy Hash: 0D11AF31A1CB5582E750AB46A844B2DA6A1FB88BE4FC44235EE1F83794EF7CD4448760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F12E0, Relevance: 9.1, APIs: 6, Instructions: 67COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3F1349
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3F1388
_Init_thread_header.LIBCMT ref: 00007FF7DD3F13AC
_Init_thread_footer.LIBCMT ref: 00007FF7DD3F13DD
_Init_thread_header.LIBCMT ref: 00007FF7DD3F13EE

Part of subcall function 00007FF7DD51EFE0: EnterCriticalSection.KERNEL32(?,?,00000062,00007FF7DD3EC6D0), ref: 00007FF7DD51EFF0

_Init_thread_footer.LIBCMT ref: 00007FF7DD3F1413

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveInit_thread_footerInit_thread_headerLock$AcquireCriticalEnterReleaseSection
String ID:
API String ID: 2670297682-0
Opcode ID: 03f6603a5ec0b0de8b858e81bb151abb40c9544c142d4eac731bc62c1fda8bdc
Instruction ID: f3783842829a06aa787e2db15f0ff9ac781271d35c9a862eb5b35a545f575c84
Opcode Fuzzy Hash: 03f6603a5ec0b0de8b858e81bb151abb40c9544c142d4eac731bc62c1fda8bdc
Instruction Fuzzy Hash: 7331292191CA6A81EA00FB61F9805BEA324BF90751FC15237DD0E566A0AF2CF48AD720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EDDE0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 177timeCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32 ref: 00007FF7DD3EDE57
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7DD3EDF17
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7DD3EDF67

Strings

gfffffff, xrefs: 00007FF7DD3EDF1D
gfffffff, xrefs: 00007FF7DD3EDF6D

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Time$FileSystem$CounterPerformanceQuery
String ID: gfffffff$gfffffff
API String ID: 3444630516-161084747
Opcode ID: 79cf0b217f42fe8f336ea9a0ee9c2e51dd2828aed7d81c4e648f98708e072c1e
Instruction ID: 23109a0e46a81a838ef96477e6d8722558419f0658e262e6c97ccbebe5087182
Opcode Fuzzy Hash: 79cf0b217f42fe8f336ea9a0ee9c2e51dd2828aed7d81c4e648f98708e072c1e
Instruction Fuzzy Hash: C5517371B1D74A81EA54DB16F94466DE3A1AB88BE0FC85236DD5F477E4EE3CE0418310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D7800, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 104threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3D785B
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3D786B
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3D78A4
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3D78D1

Part of subcall function 00007FF7DD3D8490: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000006318FFF3E0,00000000,00007FF7DD3FA101), ref: 00007FF7DD3D84DB

Strings

value, xrefs: 00007FF7DD3D790E

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentThread$Release
String ID: value
API String ID: 1598680105-494360628
Opcode ID: 2417bcbf7a1bc754ab3c446a7e7dec182eb7e564232dd02acbcb711c889b0ce2
Instruction ID: c4f040ba57ecdc6a7ed4e315244a35857c2db9d9becee96515a435754e591892
Opcode Fuzzy Hash: 2417bcbf7a1bc754ab3c446a7e7dec182eb7e564232dd02acbcb711c889b0ce2
Instruction Fuzzy Hash: 7141C172A0C78582E620AF25E4503ADE7A0FB44B94FD8413ADE9E03755EF3CE046C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F6060, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 00007FF7DD3F6132
GetLastError.KERNEL32 ref: 00007FF7DD3F617F

Strings

Read, xrefs: 00007FF7DD3F60B5
../../base/files/file_win.cc, xrefs: 00007FF7DD3F60BC
File::Read, xrefs: 00007FF7DD3F619C

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorFileLastRead
String ID: ../../base/files/file_win.cc$File::Read$Read
API String ID: 1948546556-1732825555
Opcode ID: 11898f5d5f847d5d0af1da8a1865a1e20e011a38fa82882fd39c724473d8ac58
Instruction ID: 18bd362679febcede6ae135c0033071540a800b1bc933c8a4c452d42243cf29d
Opcode Fuzzy Hash: 11898f5d5f847d5d0af1da8a1865a1e20e011a38fa82882fd39c724473d8ac58
Instruction Fuzzy Hash: 9F31F321A1C99A91FA22AB24E8016FEE364BF94794FC45232ED4D03691FE3DE156C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD52E8DC, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF7DD52E8F8
GetProcAddress.KERNEL32 ref: 00007FF7DD52E90E
FreeLibrary.KERNEL32 ref: 00007FF7DD52E92B

Strings

CorExitProcess, xrefs: 00007FF7DD52E907
mscoree.dll, xrefs: 00007FF7DD52E8EF

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 1eadfbb0434d2b97c0f5433e4f4e5936b3a879e0e935204f2af32b34addea9b3
Instruction ID: 6185e803031968a19fe7ad0e83d88cf7c5f4f89b5c038ed3fdb2e49947b1353e
Opcode Fuzzy Hash: 1eadfbb0434d2b97c0f5433e4f4e5936b3a879e0e935204f2af32b34addea9b3
Instruction Fuzzy Hash: A0F03A61A1D64A81EF54ABA1E88477DA761AF48780FC41437DD4F86264EE3CE4A88730

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD5366EC, Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DD53672E
GetConsoleMode.KERNEL32(?,?,?,?,?,00000000,?,?,00000000,00000000,?,00007FF7DD520A73,?,?,?,00000000), ref: 00007FF7DD5367EC
GetLastError.KERNEL32(?,?,?,?,?,00000000,?,?,00000000,00000000,?,00007FF7DD520A73,?,?,?,00000000), ref: 00007FF7DD536876

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
String ID:
API String ID: 2210144848-0
Opcode ID: 65279237fb41dd2b1aee5c90d38c38541353cac6e46d496fe6443cc427d3fe14
Instruction ID: 5516163963517517214174f0ae77c6e4bdfb279c3fc470790f078dcf7189dcab
Opcode Fuzzy Hash: 65279237fb41dd2b1aee5c90d38c38541353cac6e46d496fe6443cc427d3fe14
Instruction Fuzzy Hash: 06819F22E1C65A89FB10BB6588406BCA7A1BB44B94FD4413BDE0F53795EFBCA445C730

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DA9F0, Relevance: 7.7, APIs: 5, Instructions: 168threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DD3DACD0: TlsGetValue.KERNEL32 ref: 00007FF7DD3DACDE

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DAA46
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7DD3DAAEC
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3DAB6D
_Init_thread_header.LIBCMT ref: 00007FF7DD3DAB86
_Init_thread_footer.LIBCMT ref: 00007FF7DD3DABC4

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentInit_thread_footerInit_thread_headerReleaseThreadValue
String ID:
API String ID: 2678241846-0
Opcode ID: d4e026dee5082df18756648832a20664a4926d0bdf7190053f54a6c95befc6a6
Instruction ID: cde56fbc3fdee27d26b293ca7978562594c332370e55622bc50cd1bd32a4f774
Opcode Fuzzy Hash: d4e026dee5082df18756648832a20664a4926d0bdf7190053f54a6c95befc6a6
Instruction Fuzzy Hash: EF717331A0C68681EA60BB11A5607BDF7A0BB94790FC8453BED8E47795FE7CE445C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DD2C0, Relevance: 7.6, APIs: 5, Instructions: 86COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF7DD3DD2F8
TlsSetValue.KERNEL32 ref: 00007FF7DD3DD324
TlsSetValue.KERNEL32 ref: 00007FF7DD3DD352
TlsFree.KERNEL32 ref: 00007FF7DD3DD3A2

Part of subcall function 00007FF7DD3DD510: TlsAlloc.KERNEL32(?,?,?,00007FF7DD3FA252,?,?,?,?,00007FF7DD3F9F35,?,?,?,00007FF7DD3DADCE), ref: 00007FF7DD3DD518

TlsFree.KERNEL32 ref: 00007FF7DD3DD3D6

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Value$Free$Alloc
String ID:
API String ID: 4173863045-0
Opcode ID: 81a979a1713467d81661ee10fef108a781d4fd24695aea7be257c2071ad1b613
Instruction ID: 491195a2e06ac07438c5c8fa9e074e8acf67b0070c63b8df8d8c1061f027da1b
Opcode Fuzzy Hash: 81a979a1713467d81661ee10fef108a781d4fd24695aea7be257c2071ad1b613
Instruction Fuzzy Hash: 9A316331A0C1468AE664B725A4605BEF3519F84794FC4433AFA6E0B7D9FE3CE5468F20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F6420, Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

_Init_thread_footer.LIBCMT ref: 00007FF7DD3F6485

Part of subcall function 00007FF7DD51F4D8: EnterCriticalSection.KERNEL32(?,?,?,00007FF7DD3DADDA,?,?,?,?,00007FF7DD3DAA5C), ref: 00007FF7DD51F4E8
Part of subcall function 00007FF7DD51F4D8: LeaveCriticalSection.KERNEL32(?,?,?,00007FF7DD3DADDA,?,?,?,?,00007FF7DD3DAA5C), ref: 00007FF7DD51F528

_Init_thread_header.LIBCMT ref: 00007FF7DD3F6454

Part of subcall function 00007FF7DD51EFE0: EnterCriticalSection.KERNEL32(?,?,00000062,00007FF7DD3EC6D0), ref: 00007FF7DD51EFF0

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF7DD3F6412,?,?,?,?,00007FF7DD3F639D,?,?,?,00007FF7DD3F6381), ref: 00007FF7DD3F6494
_Init_thread_header.LIBCMT ref: 00007FF7DD3F6525
_Init_thread_footer.LIBCMT ref: 00007FF7DD3F6556

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CriticalSection$EnterInit_thread_footerInit_thread_header$AcquireExclusiveLeaveLock
String ID:
API String ID: 2014417079-0
Opcode ID: 3d598dc6d550002bfa6811315f4d29e3938c45054ac3c373fcfcdb3391c4a5cf
Instruction ID: 32af79d1f7855693e2970d8aaecc60abdc3733cc53cf32c61b86b56f4dfcc52d
Opcode Fuzzy Hash: 3d598dc6d550002bfa6811315f4d29e3938c45054ac3c373fcfcdb3391c4a5cf
Instruction Fuzzy Hash: 6E415921A0CA5B81EA10FB21EA506BDE360AF94750FC0513BDD6F462A6FE3CB4958720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EB900, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 160synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF7DD3EBA34

Part of subcall function 00007FF7DD3DA5F0: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DD3DA628

WaitForSingleObject.KERNEL32 ref: 00007FF7DD3EBB5C

Strings

TimedWait, xrefs: 00007FF7DD3EBAD7
../../base/synchronization/waitable_event_win.cc, xrefs: 00007FF7DD3EBADE

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ObjectSingleWait$CounterPerformanceQuery
String ID: ../../base/synchronization/waitable_event_win.cc$TimedWait
API String ID: 2161673850-3163266676
Opcode ID: 9915d8dc1ebe59b2d2c8320b3d3f5773368ae601eab0ab67039430de386d0d2b
Instruction ID: 5d435835fab0dc3195b6517d6951516f3137157ec6e8c2266632a1b779bcf95b
Opcode Fuzzy Hash: 9915d8dc1ebe59b2d2c8320b3d3f5773368ae601eab0ab67039430de386d0d2b
Instruction Fuzzy Hash: AF51E921A1D6C681FE62A715E4153BEE391AF887A0FC8023ADA5E477D5FE6CE0858710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DFA30, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 152COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,00000000,00000000,00007FF7DD3DFEB9), ref: 00007FF7DD3DFA55
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00000000,00000000,00007FF7DD3DFEB9), ref: 00007FF7DD3DFB6B

Part of subcall function 00007FF7DD3DA5F0: QueryPerformanceCounter.KERNEL32 ref: 00007FF7DD3DA628

Strings

@KL, xrefs: 00007FF7DD3DFBA4
@KL, xrefs: 00007FF7DD3DFBAB

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireCounterPerformanceQueryRelease
String ID: @KL$@KL
API String ID: 465813119-316066620
Opcode ID: 13936e8a3ce455dbf03b2c87fb57a7f1cb2d0559a520335e2e077c93c69f169b
Instruction ID: c34c32fe436212798e849eeb65379f03dc987932a6fd0f17ad6140554cd39c7f
Opcode Fuzzy Hash: 13936e8a3ce455dbf03b2c87fb57a7f1cb2d0559a520335e2e077c93c69f169b
Instruction Fuzzy Hash: 62615D72609B85C2DB64DB21E5A036DE3A1FB48B94F88413ACB9E43794FF78E455C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D8850, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 94COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3D898D
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3D89AD

Part of subcall function 00007FF7DD3D8490: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000006318FFF3E0,00000000,00007FF7DD3FA101), ref: 00007FF7DD3D84DB

Strings

PushOntoDelayedIncomingQueue, xrefs: 00007FF7DD3D88A0
../../base/task/sequence_manager/task_queue_impl.cc, xrefs: 00007FF7DD3D88A7

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: ../../base/task/sequence_manager/task_queue_impl.cc$PushOntoDelayedIncomingQueue
API String ID: 1678258262-2913814977
Opcode ID: 1d5e2ef9470035ea948ac6c410bdfcabc5ba2e465a0b40b285150ebf753010e1
Instruction ID: 1a2b4ff6ce91cc85cc7ec84c2bd655819e2b8af5ed3ab8a89b47ee260c9528d6
Opcode Fuzzy Hash: 1d5e2ef9470035ea948ac6c410bdfcabc5ba2e465a0b40b285150ebf753010e1
Instruction Fuzzy Hash: 9B41616260C68681EA11BB12E8147ADE764FB45B84FD84037DE8E07795EF3CE146C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E9110, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E91B3
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E91C3
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E922F

Part of subcall function 00007FF7DD3D8490: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000006318FFF3E0,00000000,00007FF7DD3FA101), ref: 00007FF7DD3D84DB

Strings

ThreadLocalEventBuffer, xrefs: 00007FF7DD3E9194

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$Acquire$CurrentReleaseThread
String ID: ThreadLocalEventBuffer
API String ID: 1385397084-137470936
Opcode ID: 8b7b71924257a5fe51d5bda308dfbe3cea59bc314a761701ca7af9eee02148d8
Instruction ID: 70ad1113ca785b668f55e62ff6dc15651a3892e25bb2f4dbcc9bb338fa4766de
Opcode Fuzzy Hash: 8b7b71924257a5fe51d5bda308dfbe3cea59bc314a761701ca7af9eee02148d8
Instruction Fuzzy Hash: E1417F72A0CA4AC1EE01AF15D4101AEF364EB89B94FD44237EE5E073A5EE3CD546C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FAA30, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 74threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3FAA9E

Strings

ScopedAllowBaseSyncPrimitivesOutsideBlockingScope, xrefs: 00007FF7DD3FAB16
file_name, xrefs: 00007FF7DD3FAAD3
function_name, xrefs: 00007FF7DD3FAADE

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: ScopedAllowBaseSyncPrimitivesOutsideBlockingScope$file_name$function_name
API String ID: 2882836952-147081419
Opcode ID: c98d2279651bf02b1329522ed77f9f5ccdfcafcbc9435787b3a2eca9410332ad
Instruction ID: 6dbf5d303a151b947fb0bdca73f58799730cc95303c93f0e4b108cebc2e7388a
Opcode Fuzzy Hash: c98d2279651bf02b1329522ed77f9f5ccdfcafcbc9435787b3a2eca9410332ad
Instruction Fuzzy Hash: EE31903291CBC988EB219F20E9013AEE7A4FB85784FC48236E98D03B55EF7CD1458750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D7C50, Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3D7DDD
_Init_thread_footer.LIBCMT ref: 00007FF7DD3D7E0F
_Init_thread_header.LIBCMT ref: 00007FF7DD3D7E20
_Init_thread_footer.LIBCMT ref: 00007FF7DD3D7E52

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID:
API String ID: 4092853384-0
Opcode ID: 0db006559a960d5d9b18b5292bb4203ffc8ca437987e284661d15e31be0c3f6d
Instruction ID: 2f0f2738dc958f340da1e02ab2bc5782ab3ef5d316571ce8f595f47eec625d5b
Opcode Fuzzy Hash: 0db006559a960d5d9b18b5292bb4203ffc8ca437987e284661d15e31be0c3f6d
Instruction Fuzzy Hash: 37613561A0D907C5EA50EB24D96067CE760AF44B64FD80237DA1F472E5EE3CE846CB30

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EA030, Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3EA070
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3EA0E3
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3EA163
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3EA1E1

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: aa40037ce87b3de73b3177096a5e6fd3f0baca88cddbdff00279849dc54d2988
Instruction ID: 93407f7ca59cff274befd8de9ccbeb242f1f9eadb2798d57af3ef8295b07fffc
Opcode Fuzzy Hash: aa40037ce87b3de73b3177096a5e6fd3f0baca88cddbdff00279849dc54d2988
Instruction Fuzzy Hash: 59515E75A0CB5582EA24AF16D45036DA3A0FB48B94FC84136DE4E47B91EF3CE4A1C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD445EE0, Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7DD41A317,?,?,?,?,00007FF7DD3F4846,?,?,?), ref: 00007FF7DD445F6B
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7DD41A317,?,?,?,?,00007FF7DD3F4846,?,?,?), ref: 00007FF7DD445F80
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7DD41A317,?,?,?,?,00007FF7DD3F4846,?,?,?), ref: 00007FF7DD445F96
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7DD41A317,?,?,?,?,00007FF7DD3F4846,?,?,?), ref: 00007FF7DD445FC8

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: 1a3a362a520b52ed36c88ada53ae4a7f1068db3e3c1f9243f34db1e42555750a
Instruction ID: fb91a242c3e5e0ee5e71862338e4ae4e9235a8f9774e0c5fc57ff83ffa6d5c41
Opcode Fuzzy Hash: 1a3a362a520b52ed36c88ada53ae4a7f1068db3e3c1f9243f34db1e42555750a
Instruction Fuzzy Hash: 55319611B1D64682FD24BB16A6582BDE311AF55BD5FC84432CE4F07F91FE6CF4868221

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E393E, Relevance: 6.1, APIs: 4, Instructions: 67threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E383D
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E3870
_Init_thread_header.LIBCMT ref: 00007FF7DD3E393E

Part of subcall function 00007FF7DD51EFE0: EnterCriticalSection.KERNEL32(?,?,00000062,00007FF7DD3EC6D0), ref: 00007FF7DD51EFF0

_Init_thread_footer.LIBCMT ref: 00007FF7DD3E3963

Part of subcall function 00007FF7DD51F4D8: EnterCriticalSection.KERNEL32(?,?,?,00007FF7DD3DADDA,?,?,?,?,00007FF7DD3DAA5C), ref: 00007FF7DD51F4E8
Part of subcall function 00007FF7DD51F4D8: LeaveCriticalSection.KERNEL32(?,?,?,00007FF7DD3DADDA,?,?,?,?,00007FF7DD3DAA5C), ref: 00007FF7DD51F528

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CriticalSection$CurrentEnterThread$Init_thread_footerInit_thread_headerLeave
String ID:
API String ID: 1837081680-0
Opcode ID: bc5b426d0a262d068d9ac2c0479e10cb9af9ae776d0ebf5e5338ad75c6589fbe
Instruction ID: 4623a4cc588b57015b93310fe483020748f36034c77888091cff08240514eb15
Opcode Fuzzy Hash: bc5b426d0a262d068d9ac2c0479e10cb9af9ae776d0ebf5e5338ad75c6589fbe
Instruction Fuzzy Hash: 4A311C36A0CA9581E660EB15F5403AEF3A4BB98794FD40136DE8D43B95EF3CE089CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D72F0, Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3D737F
_Init_thread_footer.LIBCMT ref: 00007FF7DD3D73AD
_Init_thread_header.LIBCMT ref: 00007FF7DD3D73BE

Part of subcall function 00007FF7DD51EFE0: EnterCriticalSection.KERNEL32(?,?,00000062,00007FF7DD3EC6D0), ref: 00007FF7DD51EFF0

_Init_thread_footer.LIBCMT ref: 00007FF7DD3D73EC

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header$CriticalEnterSection
String ID:
API String ID: 371409586-0
Opcode ID: 2082039254bb9a5ee2679f0324c2cc3a43c87019daf23e8b3d1a1a37e954c82e
Instruction ID: 6370d262737a8b0dde1420d3f44c3acd4204638140e387e1e6651e5bf6ca6434
Opcode Fuzzy Hash: 2082039254bb9a5ee2679f0324c2cc3a43c87019daf23e8b3d1a1a37e954c82e
Instruction Fuzzy Hash: 63210C65A0C61B81FA50F714EA502BCE761AF90758FD85137CD0F476A5FF2CB8468A70

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E35B0, Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E361C
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E3644
_Init_thread_header.LIBCMT ref: 00007FF7DD3E3664
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E3689

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireInit_thread_footerInit_thread_headerRelease
String ID:
API String ID: 2580794422-0
Opcode ID: c98659d3650768bb3f717d3fe593d1c97674f58424eb707cd5a52f8d4a8aff38
Instruction ID: 768e0eebf142cc7a179d15d498a50c735bb6773b2011f6efe38fb1b8c1b89378
Opcode Fuzzy Hash: c98659d3650768bb3f717d3fe593d1c97674f58424eb707cd5a52f8d4a8aff38
Instruction Fuzzy Hash: 27210721A1C65691E910FB11E99157CE360AF88791FD81237DD0F426E5EE2CB446C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD472F30, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

ThreadController::Suspended, xrefs: 00007FF7DD4731DF
ThreadController active, xrefs: 00007FF7DD473123

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID:
String ID: ThreadController active$ThreadController::Suspended
API String ID: 0-3364357523
Opcode ID: c105c0e8251bdcdaf43218feb5eb5a8af7361c9b8ffdd8b86c13353ca36b6c75
Instruction ID: e3b019701004afab5cf0aa95adee86a9f4507f2f7d271455dab8d58e91a2e28d
Opcode Fuzzy Hash: c105c0e8251bdcdaf43218feb5eb5a8af7361c9b8ffdd8b86c13353ca36b6c75
Instruction Fuzzy Hash: 7871C332B0D686D9EA10EB15E9542BDA7A0EB447A4FE84232DEAD07795EF3CE041C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E59E0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 171threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E5B6E

Strings

queue_name, xrefs: 00007FF7DD3E5BAD
SequenceManagerImpl::UnregisterTaskQueue, xrefs: 00007FF7DD3E5BE2

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: SequenceManagerImpl::UnregisterTaskQueue$queue_name
API String ID: 2882836952-1475601120
Opcode ID: bb773f1c10daacb51858ee3cfe06843005fe9a4a7576712bd9eb2a0a15dd39e7
Instruction ID: 6807f8de048a21594b1874a907566231082a2149b003556a928df5bf169ee66a
Opcode Fuzzy Hash: bb773f1c10daacb51858ee3cfe06843005fe9a4a7576712bd9eb2a0a15dd39e7
Instruction Fuzzy Hash: E5714B3660DB86C5EA51AF12E5507ADE7A0FB88B84FD4423ADE8D07795EF3CE0518320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD41A630, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 167threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD41A80D
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD41A86D

Strings

ThreadController active, xrefs: 00007FF7DD41A857, 00007FF7DD41A8B7

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: ThreadController active
API String ID: 2882836952-742296238
Opcode ID: 55cdac2cff164f1e15c462492fef7e4969c4bb1af3d146bbaba45c3cf0dc4df4
Instruction ID: afdde367f0b237e733ddcee859624da4cf8ed2b71abae687adf5c14c97c17fd0
Opcode Fuzzy Hash: 55cdac2cff164f1e15c462492fef7e4969c4bb1af3d146bbaba45c3cf0dc4df4
Instruction Fuzzy Hash: 67718132A0E64686EA20AF15D60536DF7A0AB447A4FE44336DE6D076C4EF7CE156C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD432AF0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7DD520970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7DD543457,?,?,?,00007FF7DD525777,?,?,00000000,00007FF7DD532781), ref: 00007FF7DD520996

__std_exception_destroy.LIBVCRUNTIME ref: 00007FF7DD432CA9

Strings

[%s : %d] RAW: , xrefs: 00007FF7DD432B60
... (message truncated), xrefs: 00007FF7DD432BE6

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: FeaturePresentProcessor__std_exception_destroy
String ID: ... (message truncated)$[%s : %d] RAW:
API String ID: 2848415949-3262997248
Opcode ID: f725f8e3fc5cd2c420cb442bfa00d901a80ed95df4870b9fc28c71e181588a59
Instruction ID: aceb12681a65c2fd2de54ee40859b6d8b7406d4e81641a6f6b073349ba257ab2
Opcode Fuzzy Hash: f725f8e3fc5cd2c420cb442bfa00d901a80ed95df4870b9fc28c71e181588a59
Instruction Fuzzy Hash: 2C41BF32A0C65681EA10AF15E4416AEF7A4EB857D4FC44137EE8E47B99EF3CD50ACB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DE860, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DE945
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DEA05

Strings

task_type, xrefs: 00007FF7DD3DE97B

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: task_type
API String ID: 2882836952-4285383506
Opcode ID: c8b21fddea9571fdb03d68929ce90d25b0519b8a131a03a31ef4d8d91240370b
Instruction ID: fcfaaf9a3e5019209e674be620e81ce5a9f801e8aaafb93912faf8a449570bf3
Opcode Fuzzy Hash: c8b21fddea9571fdb03d68929ce90d25b0519b8a131a03a31ef4d8d91240370b
Instruction Fuzzy Hash: 0351C332A0C68585E750AF69A4507ADEBA0FB84794FD85236EE9E03B95EF3CE054C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD45EF70, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 118threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD45F0D8

Strings

Chrome.MessageLoopProblem.SET_TIMER_ERROR, xrefs: 00007FF7DD45F118
Chrome.MessageLoopProblem, xrefs: 00007FF7DD45F099

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: Chrome.MessageLoopProblem$Chrome.MessageLoopProblem.SET_TIMER_ERROR
API String ID: 2882836952-12461729
Opcode ID: ec904d1f49e162ed39bbb3376408ea086aebca9a68021df37e8b5513a0aa45f0
Instruction ID: ccb096d5eeabcddc1ad61f7031226de2996a1b7eda6319534b7635a3ded874a1
Opcode Fuzzy Hash: ec904d1f49e162ed39bbb3376408ea086aebca9a68021df37e8b5513a0aa45f0
Instruction Fuzzy Hash: AA41A23261D68682EB20EB11A45037EE7D0EB88B94FD44236EE5E47BD4EF3CE4458710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DE300, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 108threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DE3E6

Strings

delay_ms, xrefs: 00007FF7DD3DE418
RealTimeDomain::DelayTillNextTask, xrefs: 00007FF7DD3DE44E, 00007FF7DD3DE4BE

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: RealTimeDomain::DelayTillNextTask$delay_ms
API String ID: 2882836952-1505973704
Opcode ID: db21514dcb7c273c95d10c016e0ebe5e65dad2a202e18345c54b8865ec7e2580
Instruction ID: af140336a5ce156c09c6169e1c72c82262004029b0ed02bb68cda078e06aba75
Opcode Fuzzy Hash: db21514dcb7c273c95d10c016e0ebe5e65dad2a202e18345c54b8865ec7e2580
Instruction Fuzzy Hash: 4B516D2190CBC584E721AB55A8503FEFBA0AF95354FC8523AEACD16A55EF7CE085CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD5370DC, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF7DD5371F3
GetLastError.KERNEL32 ref: 00007FF7DD537215

Strings

U, xrefs: 00007FF7DD53719F

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 0e37e4294c18898e7b18a061adb92dd4b92b9cb49623f781fba012d40c96dfa0
Instruction ID: 0a4eed2874d768fed555fe5afb591947432f18fefdeab06cbaef21ca5ae16736
Opcode Fuzzy Hash: 0e37e4294c18898e7b18a061adb92dd4b92b9cb49623f781fba012d40c96dfa0
Instruction Fuzzy Hash: 1941B422A1CA8A85DB10AF25E8447AEA761FB98794FC44032EE4E87794EF7CD401C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E6260, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 99synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF7DD3FA75D

Strings

Wait, xrefs: 00007FF7DD3FA7C5
../../base/synchronization/waitable_event_win.cc, xrefs: 00007FF7DD3FA7CC

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ObjectSingleWait
String ID: ../../base/synchronization/waitable_event_win.cc$Wait
API String ID: 24740636-241924016
Opcode ID: ada3c3a422cacc9e5a151dad91bbe4eb9b39bac101fe172bbf42d3fa73fa839e
Instruction ID: e0fb48ad78b1f8e4d074c1aefaa92e98d74ee28bc43b5ac42971de2ab2fec72e
Opcode Fuzzy Hash: ada3c3a422cacc9e5a151dad91bbe4eb9b39bac101fe172bbf42d3fa73fa839e
Instruction Fuzzy Hash: AF41E621A0C6C585FB31A729E4057FEE7A0AFD5354FD4823ADA8D02695FF3DE0868B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EF2C0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3EF3DF
_Init_thread_footer.LIBCMT ref: 00007FF7DD3EF42B

Strings

, xrefs: 00007FF7DD3EF312

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID:
API String ID: 4092853384-3916222277
Opcode ID: abe0da5520f4313adf917e42ad893ebbea801686db620b892f65b84c6fec2ada
Instruction ID: b8dead918ff23e1b97d32c3e27faf63fad6a72c1976db6bd4081cb1264a1b337
Opcode Fuzzy Hash: abe0da5520f4313adf917e42ad893ebbea801686db620b892f65b84c6fec2ada
Instruction Fuzzy Hash: 6E41903191CA96C1E611AB24E5403AEE7A4BF94754FC05336EE9E066E1FF7CF1868720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3D9FF0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DA097
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DA0F7

Strings

ThreadController active, xrefs: 00007FF7DD3DA0E1, 00007FF7DD3DA143

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: ThreadController active
API String ID: 2882836952-742296238
Opcode ID: 8695b305775770f8811442e15836a1b8d4915cf2c3a39f3d736533248f777c57
Instruction ID: 5076d104b8224faace90d20f8591f67601f3074d9aed14193cba61e1e7cce83f
Opcode Fuzzy Hash: 8695b305775770f8811442e15836a1b8d4915cf2c3a39f3d736533248f777c57
Instruction Fuzzy Hash: 5F417F32A0C786C5E720AB15E66036EE7E0BB94788FD85136DE4E03694EF7DE4958B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F5915, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87COMMON

Download Yara Rule

APIs

ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3F598D

Strings

MonitorNextJankWindowIfNecessary, xrefs: 00007FF7DD3F59F2
../../base/threading/scoped_blocking_call_internal.cc, xrefs: 00007FF7DD3F59F9

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLockRelease
String ID: ../../base/threading/scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary
API String ID: 1766480654-4084575106
Opcode ID: 0893621e69c271e3b968218f4ff27cc5446ef511945d892644966bbc232c23a4
Instruction ID: 4ab4b524d9b3c8c694a5cc32bef1ca35e256cea02f63fe7b5ccca810bdfc1aed
Opcode Fuzzy Hash: 0893621e69c271e3b968218f4ff27cc5446ef511945d892644966bbc232c23a4
Instruction Fuzzy Hash: 5A418B21A1C79AC4EE12FB61E4453FEE7A5AB41B85FC9443BD94E06292FE3CA055C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD41A8D0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD41A91D
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD41A995

Strings

ThreadController active, xrefs: 00007FF7DD41A967, 00007FF7DD41A9DF

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: ThreadController active
API String ID: 2882836952-742296238
Opcode ID: 576a85d7e9f4a649eaf64f22254d9741de793c31530949cf4742f0ecbea39742
Instruction ID: c18291de5de64d95505087c49fd315385bf4113bd10f9d754973fc471eb79224
Opcode Fuzzy Hash: 576a85d7e9f4a649eaf64f22254d9741de793c31530949cf4742f0ecbea39742
Instruction Fuzzy Hash: FD31C43291D78682E720AF24A5513AEF7E0BB84794FE85136DD8E43245EF3CE482C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EDC90, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3EDD32

Strings

Chrome.MessageLoopProblem, xrefs: 00007FF7DD3EDCFA
Chrome.MessageLoopProblem.MESSAGE_POST_ERROR, xrefs: 00007FF7DD3EDD7C

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: Chrome.MessageLoopProblem$Chrome.MessageLoopProblem.MESSAGE_POST_ERROR
API String ID: 2882836952-260003203
Opcode ID: e0bdd39629f94e8f9309321ebf97e51211acb55f14d659b634446e7ff284b8a7
Instruction ID: 0c9847d42d39d40e5ff3772c7c16340c7264175732aa80741b4308b01b67395a
Opcode Fuzzy Hash: e0bdd39629f94e8f9309321ebf97e51211acb55f14d659b634446e7ff284b8a7
Instruction Fuzzy Hash: 30218231A1C69686E720AB25F95076EA7A0AB98B84FD4513ADE4E43B94EF3CE041C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD544018, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF7DD544051
LCMapStringW.KERNEL32 ref: 00007FF7DD5440D9

Strings

LCMapStringEx, xrefs: 00007FF7DD544045

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Stringtry_get_function
String ID: LCMapStringEx
API String ID: 2588686239-3893581201
Opcode ID: c9154e718954ce0cc48431baa4e73692e780caf7a0179db1e55feb9a3cbe804f
Instruction ID: fcb2aa5c0772ecd20d7d76e1d92418dd00a547189601faf1cb57f1f3bbfa3e02
Opcode Fuzzy Hash: c9154e718954ce0cc48431baa4e73692e780caf7a0179db1e55feb9a3cbe804f
Instruction Fuzzy Hash: 1011293660CB8586D760DB06F4402AAB7A5FBC9B84F944136EE8E43B19EF3CD4508B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F9440, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3F9499
_Init_thread_footer.LIBCMT ref: 00007FF7DD3F9507

Strings

SharedMemoryTracker, xrefs: 00007FF7DD3F94E7

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: SharedMemoryTracker
API String ID: 4092853384-4257729663
Opcode ID: 71acea0d11b0c0065e26bf1ccbe7d52027d7ab616202daa67ab0b791c7f882f1
Instruction ID: 330aa71c42847503d87b4505180342b714e48e8502de1335c4105459c60cd925
Opcode Fuzzy Hash: 71acea0d11b0c0065e26bf1ccbe7d52027d7ab616202daa67ab0b791c7f882f1
Instruction Fuzzy Hash: 6F114C6191CA5A81EA10FB24E8806BDB364AB94750FC01237ED5F42BA1EE3CF185C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD520D0C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7DD521C93), ref: 00007FF7DD520D50
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7DD521C93), ref: 00007FF7DD520D96

Strings

csm, xrefs: 00007FF7DD520D83

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 8c1000bcb15f442ca7b8db2b3155eacf47d8028713f29548b38ffa2c71bac17f
Instruction ID: 3b6c6d7638932ba2902796c29e6a352954902398fa11e9443cd803bb2d728a3c
Opcode Fuzzy Hash: 8c1000bcb15f442ca7b8db2b3155eacf47d8028713f29548b38ffa2c71bac17f
Instruction Fuzzy Hash: 5F112E3261AB4582EB619B15F44035DBBA5FB84B84F984232EE8D07B54EF3CD555C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F63C0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,?,00007FF7DD3F639D,?,?,?,00007FF7DD3F6381,?,?,?,00007FF7DD3DDC80), ref: 00007FF7DD3F63DC
GetProcAddress.KERNEL32(?,?,?,?,00007FF7DD3F639D,?,?,?,00007FF7DD3F6381,?,?,?,00007FF7DD3DDC80), ref: 00007FF7DD3F63EC

Strings

GetHandleVerifier, xrefs: 00007FF7DD3F63E2

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: 99696aeb022311ca4dce7bcd347c5f492dbce91ebea54896bbd3e5133cf8cda5
Instruction ID: e078b2a2b7483c25f62f321de5aa109d03173a729e83be3d61704f07851cfc77
Opcode Fuzzy Hash: 99696aeb022311ca4dce7bcd347c5f492dbce91ebea54896bbd3e5133cf8cda5
Instruction Fuzzy Hash: 55F0B220E0EA1BC1EE19BB35A8653BDD2916F44745FD4543FD81F422A0FE3DA5A98230

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F3C50, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3F3C88
_Init_thread_footer.LIBCMT ref: 00007FF7DD3F3CBE

Strings

dummy_histogram, xrefs: 00007FF7DD3F3C9D

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Init_thread_footerInit_thread_header
String ID: dummy_histogram
API String ID: 4092853384-2199933292
Opcode ID: 4b9888b21ba7aacfdaf84134cfeedf248216b0a74d8334184b17d7aad6236582
Instruction ID: 2baa97cb71b5e4f3ff46f9caee96321680669c4cddf1241aaf0e6bb1810815b6
Opcode Fuzzy Hash: 4b9888b21ba7aacfdaf84134cfeedf248216b0a74d8334184b17d7aad6236582
Instruction Fuzzy Hash: 66F0F664A0CA6AD5EA10FB14E9905BDB360BB41351FC01137DD1F422A1FE3CB599C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD543CBC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF7DD543CE5
TlsSetValue.KERNEL32(?,?,?,00007FF7DD54354A,?,?,?,00007FF7DD51F269,?,?,?,?,00007FF7DD5429D6,?,?,00000000), ref: 00007FF7DD543CFC

Strings

FlsSetValue, xrefs: 00007FF7DD543CD2

Memory Dump Source

Source File: 0000000E.00000002.1770408601.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000E.00000002.1770352387.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771242665.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771347840.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771523814.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000E.00000002.1771593643.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771665126.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000E.00000002.1771715831.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000E.00000002.1771856685.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Valuetry_get_function
String ID: FlsSetValue
API String ID: 738293619-3750699315
Opcode ID: 881b8ff1347d7087cbdc35237b78d32caef69fa9393fc77eb741cac2d332a54a
Instruction ID: 7408631d83bab467fd0b0d8c0dd326bd70faf46c7a21025c67a55d10bf9e8618
Opcode Fuzzy Hash: 881b8ff1347d7087cbdc35237b78d32caef69fa9393fc77eb741cac2d332a54a
Instruction Fuzzy Hash: 76E06561A0C60E81FB447B51F4055BDA262AF48B81FD84037DD5F062A5EE3CD854C321

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: wavebrowser.exe PID: 7032 Parent PID: 3124 wavebrowser.exeCOMMON

Executed Functions

Function 00007FF7DD3FBBF0, Relevance: 10.6, APIs: 7, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Init_thread_header.LIBCMT ref: 00007FF7DD3FBC59
GetVersionExW.KERNEL32 ref: 00007FF7DD3FBC8B
GetProductInfo.KERNEL32 ref: 00007FF7DD3FBCAD
_Init_thread_footer.LIBCMT ref: 00007FF7DD3FBD08
_Init_thread_header.LIBCMT ref: 00007FF7DD3FBD19

Part of subcall function 00007FF7DD51EFE0: EnterCriticalSection.KERNEL32(?,?,00000062,00007FF7DD3EC6D0), ref: 00007FF7DD51EFF0

GetNativeSystemInfo.KERNELBASE ref: 00007FF7DD3FBD3D
_Init_thread_footer.LIBCMT ref: 00007FF7DD3FBD6A

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: InfoInit_thread_footerInit_thread_header$CriticalEnterNativeProductSectionSystemVersion
String ID:
API String ID: 2554706446-0
Opcode ID: c8069e602f9475e68db5b94c4ac94fdda80f6adcaf274293ab25554fecc9f628
Instruction ID: 0c06af1dd807a13c2c059f649d9ca0053f7cea0bb250e6729015c4ad3985d907
Opcode Fuzzy Hash: c8069e602f9475e68db5b94c4ac94fdda80f6adcaf274293ab25554fecc9f628
Instruction Fuzzy Hash: D2416F75A1CA5A95F610EB24E990ABDB360BF94754FC05132DE4F03AA4EF3CB586C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FBE00, Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 292
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7DD3FBE4C
IsWow64Process.KERNEL32 ref: 00007FF7DD3FBE62

Part of subcall function 00007FF7DD3FC430: RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00000000,00007FF7DD3FBF0F), ref: 00007FF7DD3FC477

Part of subcall function 00007FF7DD3FC4C0: RegQueryValueExW.KERNELBASE(?,?,00000000,?,00007FF7DD3FBF29), ref: 00007FF7DD3FC52F

Part of subcall function 00007FF7DD3FC360: RegCloseKey.KERNELBASE(?,?,00000000,00007FF7DD3FBF89), ref: 00007FF7DD3FC370

Strings

ReleaseId, xrefs: 00007FF7DD3FBF0F
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00007FF7DD3FBECF
UBR, xrefs: 00007FF7DD3FBEF3

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ProcessQueryValue$CloseCurrentWow64
String ID: ReleaseId$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR
API String ID: 290799532-4060060583
Opcode ID: 87082b2ce5035993e76724328a37260cf49258dd5109ac12af1c98a8c7f93684
Instruction ID: 497a5f4f142aae7a3220b3f9a572e6b2cc0e9dc6fb6544f495807a6573550267
Opcode Fuzzy Hash: 87082b2ce5035993e76724328a37260cf49258dd5109ac12af1c98a8c7f93684
Instruction Fuzzy Hash: E5D16172A0C68AC6EB649B29D8543BEE7A0FB44744FC4413ADB8E42690EF7CE495C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FA170, Relevance: 7.6, APIs: 5, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TlsGetValue.KERNEL32 ref: 00007FF7DD3FA18E
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF7DD3F9F35,?,?,?,00007FF7DD3DADCE,?,?,?,?,00007FF7DD3DAA5C), ref: 00007FF7DD3FA1CB
ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF7DD3F9F35,?,?,?,00007FF7DD3DADCE,?,?,?,?,00007FF7DD3DAA5C), ref: 00007FF7DD3FA227
_Init_thread_header.LIBCMT ref: 00007FF7DD3FA25E
_Init_thread_footer.LIBCMT ref: 00007FF7DD3FA293

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireInit_thread_footerInit_thread_headerReleaseValue
String ID:
API String ID: 3774927250-0
Opcode ID: 502b1df1fa35db6236006ba9e4c21170037bd2765f337a2856a58bd8e3c96da8
Instruction ID: 295a2bd75a1ab3de3365e740dc7b4795abbdcda13cb754ee2ecc3faf744436aa
Opcode Fuzzy Hash: 502b1df1fa35db6236006ba9e4c21170037bd2765f337a2856a58bd8e3c96da8
Instruction Fuzzy Hash: 13315D71A0C65AD6EA20AB25E9405BCE761AB947A0FD40237DA6F472E0FF3DB455C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DD2C0, Relevance: 7.6, APIs: 5, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TlsGetValue.KERNEL32 ref: 00007FF7DD3DD2F8
TlsSetValue.KERNEL32 ref: 00007FF7DD3DD324
TlsSetValue.KERNEL32 ref: 00007FF7DD3DD352
TlsFree.KERNEL32 ref: 00007FF7DD3DD3A2

Part of subcall function 00007FF7DD3DD510: TlsAlloc.KERNEL32(?,?,?,00007FF7DD3FA252,?,?,?,?,00007FF7DD3F9F35,?,?,?,00007FF7DD3DADCE), ref: 00007FF7DD3DD518

TlsFree.KERNEL32 ref: 00007FF7DD3DD3D6

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Value$Free$Alloc
String ID:
API String ID: 4173863045-0
Opcode ID: 81a979a1713467d81661ee10fef108a781d4fd24695aea7be257c2071ad1b613
Instruction ID: 491195a2e06ac07438c5c8fa9e074e8acf67b0070c63b8df8d8c1061f027da1b
Opcode Fuzzy Hash: 81a979a1713467d81661ee10fef108a781d4fd24695aea7be257c2071ad1b613
Instruction Fuzzy Hash: 9A316331A0C1468AE664B725A4605BEF3519F84794FC4433AFA6E0B7D9FE3CE5468F20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FC4C0, Relevance: 3.1, APIs: 2, Instructions: 70
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,?,00000000,?,00007FF7DD3FBF29), ref: 00007FF7DD3FC52F
ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7DD3FC5A2

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: EnvironmentExpandQueryStringsValue
String ID:
API String ID: 1756134249-0
Opcode ID: ec0a5452bfa70dc6b03257740cb68f32fc320bb3dc609aa105b4dbec7456e181
Instruction ID: ea49baff91700d120b5452f81dc183d748a10c1efa913b30fab0d6ffc8a83303
Opcode Fuzzy Hash: ec0a5452bfa70dc6b03257740cb68f32fc320bb3dc609aa105b4dbec7456e181
Instruction Fuzzy Hash: 0821A861B1C59581FB60AB26E8906EEE754FB847D0FD04037EE4E83B84EE3CD4498B60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FC430, Relevance: 1.5, APIs: 1, Instructions: 41
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00000000,00007FF7DD3FBF0F), ref: 00007FF7DD3FC477

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 6f4f6532d7fc801cecaf7926ca0465425f51fb5bb382d2069ec9fbb1da2adec6
Instruction ID: dfac1fa8bb2ad9889555f5ea8f1b63b3fb66d4064c0776f095480db7683c9721
Opcode Fuzzy Hash: 6f4f6532d7fc801cecaf7926ca0465425f51fb5bb382d2069ec9fbb1da2adec6
Instruction Fuzzy Hash: 8101AD32618645C6E7519F28E88026EF3A4EB847A0F945032EA8E83B54EE3CD8008B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E86F0, Relevance: 1.5, APIs: 1, Instructions: 26
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000318,?,?,00007FF7DD51EFB3,?,?,?,00007FF7DD3D13B2,?,?,?,00007FF7DD3D1298), ref: 00007FF7DD3E870A

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e8dd1281c0960b0203101ac5dec9e439b2352e7326a5c791374b8b090f7a55bb
Instruction ID: 650a1a379d76416644a09cc1b07808c15ddefbbf4f17c4b4904d1e6315f63b61
Opcode Fuzzy Hash: e8dd1281c0960b0203101ac5dec9e439b2352e7326a5c791374b8b090f7a55bb
Instruction Fuzzy Hash: 8DE06D15E0C27582FE6567166A0067EC6804F99FE4ED85136CD5D02BC1BD2CA4826A20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD51EF94, Relevance: 1.5, APIs: 1, Instructions: 22
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7DD3E86F0: RtlAllocateHeap.NTDLL(00000318,?,?,00007FF7DD51EFB3,?,?,?,00007FF7DD3D13B2,?,?,?,00007FF7DD3D1298), ref: 00007FF7DD3E870A

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7DD51EFC4

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AllocateConcurrency::cancel_current_taskHeap
String ID:
API String ID: 333155141-0
Opcode ID: 7b17771b04e162475a79c3c13009f3bd849e272a71b8b30aded75a1b6439d4c2
Instruction ID: 13ea5f303f42bd54f30f70ce8fef7392d127fe929365a9af458b1e08150c9425
Opcode Fuzzy Hash: 7b17771b04e162475a79c3c13009f3bd849e272a71b8b30aded75a1b6439d4c2
Instruction Fuzzy Hash: 1BE0B600E2D14F81FD283AA114564BDD4440F59370EEC1B36ED3F692C2BD2CA4A94170

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3FC360, Relevance: 1.5, APIs: 1, Instructions: 22
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCloseKey.KERNELBASE(?,?,00000000,00007FF7DD3FBF89), ref: 00007FF7DD3FC370

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 08753ffdae15352fe3e5036fbf7c1b6256ee87d894a2fee4f933ea24982d0233
Instruction ID: ab10879f4eb2c7bcde682e27ded5d8a110be5544965f9d56f38f74c0a15c3b1f
Opcode Fuzzy Hash: 08753ffdae15352fe3e5036fbf7c1b6256ee87d894a2fee4f933ea24982d0233
Instruction Fuzzy Hash: 45E06D76A0AB09C2FF259B66F0903A9A260EB48B44F948032CB5E07B90EF7DD4818300

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF7DD3D9550, Relevance: 14.4, APIs: 3, Strings: 5, Instructions: 409threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3D9A67
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3D9B86
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3D9D3C

Strings

RunTask, xrefs: 00007FF7DD3D9BD3
SequenceManager RunTask, xrefs: 00007FF7DD3D9836
ThreadControllerImpl::DoWork, xrefs: 00007FF7DD3D9AAD
ThreadController: application tasks disallowed, xrefs: 00007FF7DD3D9D80
ThreadControllerImpl::RunTask, xrefs: 00007FF7DD3D96B7

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: RunTask$SequenceManager RunTask$ThreadController: application tasks disallowed$ThreadControllerImpl::DoWork$ThreadControllerImpl::RunTask
API String ID: 2882836952-2544356614
Opcode ID: 40dcd4b10a0d91a12dce313746f6ceba0a4b3b57baf7de59a3a194bfee19c342
Instruction ID: 9ad36d6e64d51cd2b7ac449f5300d388b4ab8808e8b4b958139d7b5cb931e87d
Opcode Fuzzy Hash: 40dcd4b10a0d91a12dce313746f6ceba0a4b3b57baf7de59a3a194bfee19c342
Instruction Fuzzy Hash: 6B225F31A0CAC6C5E661AB25E5513EEE7A0FB84794FC8413ADA8D07795EF3CE054CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD532534, Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF7DD5325AD
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7DD5325C5
RtlVirtualUnwind.KERNEL32 ref: 00007FF7DD532600
IsDebuggerPresent.KERNEL32 ref: 00007FF7DD532639
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7DD532643
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7DD53264E

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 3ea562e2f8e7a4318af99a092c1169bc9dda556f248615854f2b11d062294bb1
Instruction ID: 0ede1efe9dcfdd2833cca7c8a0ce6f9256e7ba6b5fa1c06a8744bee952612a05
Opcode Fuzzy Hash: 3ea562e2f8e7a4318af99a092c1169bc9dda556f248615854f2b11d062294bb1
Instruction Fuzzy Hash: 15317F36608F8585DB609B25E8406AEB3A4FB88754FD40136EE9E43B58EF38C159CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3ECDC0, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3ECFA0
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3ED044

Strings

MessagePumpForUI::WaitForWork GetQueueStatus, xrefs: 00007FF7DD3ECFED, 00007FF7DD3ED022
MessagePumpForUI::WaitForWork PeekMessage, xrefs: 00007FF7DD3ED09F, 00007FF7DD3ED0E2

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: MessagePumpForUI::WaitForWork GetQueueStatus$MessagePumpForUI::WaitForWork PeekMessage
API String ID: 2882836952-3056387654
Opcode ID: efcd120020928fb2f9748679d09c33d511815909317ccfe57d198f94718f2f5a
Instruction ID: 43151a76a202b81cb6193d7b03f30b5521341770d7b73ef81885bb1793b95603
Opcode Fuzzy Hash: efcd120020928fb2f9748679d09c33d511815909317ccfe57d198f94718f2f5a
Instruction Fuzzy Hash: 6BA1517261C68685E720AB29E4113AEF7E0FB89754FC4523AEA9D43795EF3CE045CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E85A0, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 93libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF7DD3E8658
GetProcAddress.KERNEL32 ref: 00007FF7DD3E866E
FreeLibrary.KERNEL32 ref: 00007FF7DD3E8693
GetModuleHandleExW.KERNEL32 ref: 00007FF7DD3E86DF

Strings

Google.Chrome, xrefs: 00007FF7DD3E85AA
EventSetInformation, xrefs: 00007FF7DD3E8667
api-ms-win-eventing-provider-l1-1-0.dll, xrefs: 00007FF7DD3E864D
advapi32.dll, xrefs: 00007FF7DD3E86CF

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID: EventSetInformation$Google.Chrome$advapi32.dll$api-ms-win-eventing-provider-l1-1-0.dll
API String ID: 3947729631-1037291142
Opcode ID: e0118fe434a9e0d62070b9cdb7bf355e07768046950d393a9f2f0cfe58c6398e
Instruction ID: 5588de113f1cfce091231532d0d230535adf0fe6db23cd746f8f60aea66158a9
Opcode Fuzzy Hash: e0118fe434a9e0d62070b9cdb7bf355e07768046950d393a9f2f0cfe58c6398e
Instruction Fuzzy Hash: B0316271A0C65682E720AB12E94067EE3A5FB9CB94FC44137DE5F47790EE3CE5058310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E5EC0, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 180threadCOMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E5F6A
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E5F9A
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3E6137

Strings

TaskQueueImpl::UnregisterTaskQueue, xrefs: 00007FF7DD3E6177
../../base/task/sequence_manager/task_queue_impl.cc, xrefs: 00007FF7DD3E5F29
UnregisterTaskQueue, xrefs: 00007FF7DD3E5F22
SequenceManagerImpl::UnregisterTaskQueue, xrefs: 00007FF7DD3E5EC6

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread
String ID: ../../base/task/sequence_manager/task_queue_impl.cc$SequenceManagerImpl::UnregisterTaskQueue$TaskQueueImpl::UnregisterTaskQueue$UnregisterTaskQueue
API String ID: 135963836-340724832
Opcode ID: d75d3a1234f69bde1e2c14f2a8c856ef7bc6c21922fe9001a17d7c986dc218c4
Instruction ID: 9fd7a2682408c909f76d3385bc74e4502bf977ae63512ff5e690bfbcaac62f42
Opcode Fuzzy Hash: d75d3a1234f69bde1e2c14f2a8c856ef7bc6c21922fe9001a17d7c986dc218c4
Instruction Fuzzy Hash: 6F81A421A0C795D2EA15AB21D5103BEE350BF49794FC4463ADE5E07AC6EF3CE466C321

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DADF0, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 203threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DB027

Strings

TaskAnnotator::RunTask, xrefs: 00007FF7DD3DB09F
ipc_hash, xrefs: 00007FF7DD3DB067

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: TaskAnnotator::RunTask$ipc_hash
API String ID: 2882836952-1447593005
Opcode ID: 1cd760cf5afc7f5920ad17c2206adabbe06743f8528c5b40f653553f15f1b5be
Instruction ID: 5e8a10f619054541c1bc277f782b5ecb3185a1b69b7ec29552379eadd5493417
Opcode Fuzzy Hash: 1cd760cf5afc7f5920ad17c2206adabbe06743f8528c5b40f653553f15f1b5be
Instruction Fuzzy Hash: A9A14C3290CBC585E660AB25E9503AEF7A4FB94794FC4513AEA8D477A5EF3CE044CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EDDE0, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 177timeCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32 ref: 00007FF7DD3EDE57
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7DD3EDF17
GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7DD3EDF67

Strings

gfffffff, xrefs: 00007FF7DD3EDF6D
gfffffff, xrefs: 00007FF7DD3EDF1D

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Time$FileSystem$CounterPerformanceQuery
String ID: gfffffff$gfffffff
API String ID: 3444630516-161084747
Opcode ID: 79cf0b217f42fe8f336ea9a0ee9c2e51dd2828aed7d81c4e648f98708e072c1e
Instruction ID: 23109a0e46a81a838ef96477e6d8722558419f0658e262e6c97ccbebe5087182
Opcode Fuzzy Hash: 79cf0b217f42fe8f336ea9a0ee9c2e51dd2828aed7d81c4e648f98708e072c1e
Instruction Fuzzy Hash: C5517371B1D74A81EA54DB16F94466DE3A1AB88BE0FC85236DD5F477E4EE3CE0418310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3F6060, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 00007FF7DD3F6132
GetLastError.KERNEL32 ref: 00007FF7DD3F617F

Strings

../../base/files/file_win.cc, xrefs: 00007FF7DD3F60BC
File::Read, xrefs: 00007FF7DD3F619C
Read, xrefs: 00007FF7DD3F60B5

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ErrorFileLastRead
String ID: ../../base/files/file_win.cc$File::Read$Read
API String ID: 1948546556-1732825555
Opcode ID: c0f8fa8257e0b3fde6fdd0398578883eb7e06551f86c32ed86b0847f879c57c1
Instruction ID: 18bd362679febcede6ae135c0033071540a800b1bc933c8a4c452d42243cf29d
Opcode Fuzzy Hash: c0f8fa8257e0b3fde6fdd0398578883eb7e06551f86c32ed86b0847f879c57c1
Instruction Fuzzy Hash: 9F31F321A1C99A91FA22AB24E8016FEE364BF94794FC45232ED4D03691FE3DE156C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD5366EC, Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7DD53672E
GetConsoleMode.KERNEL32(?,?,?,?,?,00000000,?,?,00000000,00000000,?,00007FF7DD520A73,?,?,?,00000000), ref: 00007FF7DD5367EC
GetLastError.KERNEL32(?,?,?,?,?,00000000,?,?,00000000,00000000,?,00007FF7DD520A73,?,?,?,00000000), ref: 00007FF7DD536876

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
String ID:
API String ID: 2210144848-0
Opcode ID: 65279237fb41dd2b1aee5c90d38c38541353cac6e46d496fe6443cc427d3fe14
Instruction ID: 5516163963517517214174f0ae77c6e4bdfb279c3fc470790f078dcf7189dcab
Opcode Fuzzy Hash: 65279237fb41dd2b1aee5c90d38c38541353cac6e46d496fe6443cc427d3fe14
Instruction Fuzzy Hash: 06819F22E1C65A89FB10BB6588406BCA7A1BB44B94FD4413BDE0F53795EFBCA445C730

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E8822, Relevance: 6.2, APIs: 4, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 675022829f70c38b133e90a24b4cc93472c38fe99d713b62ece42f7289048e64
Instruction ID: 44e1da823f39fb0ba05d8e3e4ca423db695d3e141b58f5a5fc83c6d2c8cc39f3
Opcode Fuzzy Hash: 675022829f70c38b133e90a24b4cc93472c38fe99d713b62ece42f7289048e64
Instruction Fuzzy Hash: AF817036A0DA8586EA60DB15E5403AEF3A1EB89794FC44236DE9E437E5EF3CE440C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3EA060, Relevance: 6.1, APIs: 4, Instructions: 107COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3EA070
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3EA0E3
TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3EA163
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3EA1E1

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: 2214e66a6697b5448557bbbfc21a38b3e046f274c2ff799358cfc328b98344b0
Instruction ID: 4a481a7890effa3350ebc7c78657f970bd044ebc482ba3ebe8cfe7f0ff7be699
Opcode Fuzzy Hash: 2214e66a6697b5448557bbbfc21a38b3e046f274c2ff799358cfc328b98344b0
Instruction Fuzzy Hash: 0F414A76A0CB5692EA24EF16D15036DA3A0FB48B94FC84136CF4D47B81EF38E4A5C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD445EE0, Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7DD41A317,?,?,?,?,00007FF7DD3F4846,?,?,?), ref: 00007FF7DD445F6B
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7DD41A317,?,?,?,?,00007FF7DD3F4846,?,?,?), ref: 00007FF7DD445F80
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7DD41A317,?,?,?,?,00007FF7DD3F4846,?,?,?), ref: 00007FF7DD445F96
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7DD41A317,?,?,?,?,00007FF7DD3F4846,?,?,?), ref: 00007FF7DD445FC8

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: 1a3a362a520b52ed36c88ada53ae4a7f1068db3e3c1f9243f34db1e42555750a
Instruction ID: fb91a242c3e5e0ee5e71862338e4ae4e9235a8f9774e0c5fc57ff83ffa6d5c41
Opcode Fuzzy Hash: 1a3a362a520b52ed36c88ada53ae4a7f1068db3e3c1f9243f34db1e42555750a
Instruction Fuzzy Hash: 55319611B1D64682FD24BB16A6582BDE311AF55BD5FC84432CE4F07F91FE6CF4868221

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3E35B0, Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E361C
ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7DD3E3644
_Init_thread_header.LIBCMT ref: 00007FF7DD3E3664
_Init_thread_footer.LIBCMT ref: 00007FF7DD3E3689

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: ExclusiveLock$AcquireInit_thread_footerInit_thread_headerRelease
String ID:
API String ID: 2580794422-0
Opcode ID: 6416512325598dec79793aaadd932f54c7c20ef1a3a245323a27b9dc5c7dfa81
Instruction ID: 768e0eebf142cc7a179d15d498a50c735bb6773b2011f6efe38fb1b8c1b89378
Opcode Fuzzy Hash: 6416512325598dec79793aaadd932f54c7c20ef1a3a245323a27b9dc5c7dfa81
Instruction Fuzzy Hash: 27210721A1C65691E910FB11E99157CE360AF88791FD81237DD0F426E5EE2CB446C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD41A630, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 167threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD41A80D
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD41A86D

Strings

ThreadController active, xrefs: 00007FF7DD41A857, 00007FF7DD41A8B7

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: ThreadController active
API String ID: 2882836952-742296238
Opcode ID: a4a842c3b4b2c615f60759e868138a8b6707fdae5fa70f5630a24b241a0ebe04
Instruction ID: afdde367f0b237e733ddcee859624da4cf8ed2b71abae687adf5c14c97c17fd0
Opcode Fuzzy Hash: a4a842c3b4b2c615f60759e868138a8b6707fdae5fa70f5630a24b241a0ebe04
Instruction Fuzzy Hash: 67718132A0E64686EA20AF15D60536DF7A0AB447A4FE44336DE6D076C4EF7CE156C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD3DE860, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DE945
GetCurrentThreadId.KERNEL32 ref: 00007FF7DD3DEA05

Strings

task_type, xrefs: 00007FF7DD3DE97B

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: CurrentThread
String ID: task_type
API String ID: 2882836952-4285383506
Opcode ID: c8b21fddea9571fdb03d68929ce90d25b0519b8a131a03a31ef4d8d91240370b
Instruction ID: fcfaaf9a3e5019209e674be620e81ce5a9f801e8aaafb93912faf8a449570bf3
Opcode Fuzzy Hash: c8b21fddea9571fdb03d68929ce90d25b0519b8a131a03a31ef4d8d91240370b
Instruction Fuzzy Hash: 0351C332A0C68585E750AF69A4507ADEBA0FB84794FD85236EE9E03B95EF3CE054C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7DD42E5B0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 103COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32 ref: 00007FF7DD42E6C9

Strings

../../base/files/file_util_win.cc, xrefs: 00007FF7DD42E695
PathExists, xrefs: 00007FF7DD42E68E

Memory Dump Source

Source File: 0000000F.00000002.1773240710.00007FF7DD3D1000.00000020.00020000.sdmp, Offset: 00007FF7DD3D0000, based on PE: true

Associated: 0000000F.00000002.1773214635.00007FF7DD3D0000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773724226.00007FF7DD553000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773824769.00007FF7DD57E000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1773931993.00007FF7DD59F000.00000008.00020000.sdmp Download File
Associated: 0000000F.00000002.1773974176.00007FF7DD5A0000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774009990.00007FF7DD5A5000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774029861.00007FF7DD5A7000.00000004.00020000.sdmp Download File
Associated: 0000000F.00000002.1774077322.00007FF7DD5A9000.00000002.00020000.sdmp Download File
Associated: 0000000F.00000002.1774150370.00007FF7DD5BB000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_7ff7dd3d0000_wavebrowser.jbxd

Similarity

API ID: AttributesFile
String ID: ../../base/files/file_util_win.cc$PathExists
API String ID: 3188754299-1196770437
Opcode ID: 0f9128bd61adb8da08ca46155a4c53bb694c4d95165ec6c370ea83dbfd3f75c4
Instruction ID: 75da4af49d28374a04e5bbef2383dfc1d685e8a77f93573cfb0f3abd306ae241
Opcode Fuzzy Hash: 0f9128bd61adb8da08ca46155a4c53bb694c4d95165ec6c370ea83dbfd3f75c4
Instruction Fuzzy Hash: 4B311812B0D59951FA25AB29A9017FDA760AF54BE4FC80432DE4D07B90FE3CE5978310

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access and remote desktop. Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	AWS CloudTrail logs, Authentication logs, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the search order used to load DLLs. Windows systems use a common method to look for required DLLs to load into a program. Hijacking DLL loads may be for the purpose of establishing persistence as well as elevating privileges and/or evading restrictions on file execution.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	DLL monitoring, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Wave Browser_cg5vc6cx_.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

AV Detection:

Privilege Escalation:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

DDoS:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre