Analysis Report Wave Browser_cg5vc6cx_.exe

Overview

General Information

Sample Name: Wave Browser_cg5vc6cx_.exe
Analysis ID: 407799
MD5: 5d999339f21d3a6b4ee9726874d6fbc5
SHA1: a8dcf803b4a15d0fb5dde36dbee571d2f3fa53b0
SHA256: 33111d45c6e463b267685b51faefb49565d3e517a30940338e285c52e019e1a6

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 21
Range: 0 - 100

Signatures

Creates a thread in another existing process (thread injection)
Found API chain indicative of debugger detection
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a process as a different user
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
DLL planting / hijacking vulnerabilities found
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file contains strange resources
Queries keyboard layouts
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Startup

  • System is w10x64
  • Wave Browser_cg5vc6cx_.exe (PID: 6284 cmdline: 'C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe' MD5: 5D999339F21D3A6B4EE9726874D6FBC5)
    • setup.exe (PID: 3028 cmdline: 'C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe' --install-archive='C:\Users\user\AppData\Local\Temp\nseBA51.tmp\wavebrowser.packed.7z' --do-not-register-for-update-launch --make-chrome-default MD5: C0364BBC1A78CE97482F4A0B0DDBAD08)
      • setup.exe (PID: 7124 cmdline: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0x25c,0x260,0x264,0x218,0x268,0x7ff6786bd0a0,0x7ff6786bd0b0,0x7ff6786bd0c0 MD5: C0364BBC1A78CE97482F4A0B0DDBAD08)
      • setdf.exe (PID: 7108 cmdline: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setdf.exe 'C:\Users\user\AppData\Local\Temp\af85ff68-db96-4195-b531-f1a4aee5bead.tmp' MD5: 6573AEE829B967E22C3B984DF199250B)
        • conhost.exe (PID: 5860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • wavebrowser.exe (PID: 3124 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --prevdefbrowser=2 --install-type=1 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 4928 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=crashpad-handler '--user-data-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler '--database=C:\Users\user\AppData\Local\WaveBrowser\User Data\Crashpad' '--metrics-dir=C:\Users\user\AppData\Local\WaveBrowser\User Data' --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.7 --initial-client-data=0xd4,0xc0,0xbc,0xb0,0xc8,0x7ffa9be28e90,0x7ffa9be28ea0,0x7ffa9be28eb0 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 6748 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=gpu-process --start-stack-profiler --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1540 /prefetch:2 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 7032 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --start-stack-profiler --mojo-platform-channel-handle=1796 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 7072 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 1376 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 6800 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 6492 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 4296 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 6840 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=renderer --lang=en-US --instant-process --start-stack-profiler --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 7012 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 5524 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 2088 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5820 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 6456 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 6864 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5932 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 6828 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 5588 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 4944 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 6548 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 5088 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5936 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
        • wavebrowser.exe (PID: 7016 cmdline: 'C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe' --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5380 /prefetch:8 MD5: D01181033AE0FD1E5C8D09DF0AAA70CF)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Source: 0.1.Wave Browser_cg5vc6cx_.exe.729e0000.2.unpack Avira: Label: TR/Crypt.XPACK.Gen7
Source: 0.1.Wave Browser_cg5vc6cx_.exe.729e0000.1.unpack Avira: Label: TR/Crypt.XPACK.Gen7

Compliance:

DLL planting / hijacking vulnerabilities found
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: WINSTA.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: LINKINFO.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: ncrypt.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: WTSAPI32.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: CompPkgSup.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: DMCmnUtils.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: VERSION.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: dxva2.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: dwmapi.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: mfplat.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: MDMRegistration.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: DEVOBJ.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: CRYPTBASE.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: ColorAdapterClient.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: NTASN1.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: evr.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: msvcp110_win.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: D3DCompiler_47.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: DCIMAN32.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: mfperfhelper.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: mscms.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: dxgi.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: RTWorkQ.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: OLEACC.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: KBDUS.DLL
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: msauddecmft.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: msmpeg2vdec.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: msvproc.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: mf.dll
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe DLL: ddraw.dll
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe EXE: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe EXE: C:\Users\user\Wavesor Software\WaveBrowser\1.1.0.7\Installer\setup.exe
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe EXE: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser_proxy.exe
Uses 32bit PE files
Source: Wave Browser_cg5vc6cx_.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Creates a software uninstall entry
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WaveBrowser
Creates install or setup log file
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe File created: C:\Users\user\AppData\Local\Temp\wavebrowser_installer.log
Creates license or readme file
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe File created: C:\Users\user\AppData\Local\Temp\3124_696802910\LICENSE.txt
PE / OLE file has a valid certificate
Source: Wave Browser_cg5vc6cx_.exe Static PE information: certificate valid
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 143.204.209.86:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.198.11.52:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.198.81.120:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.198.81.120:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.2.109:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.2.109:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.198.11.52:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.72.140.231:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.23.34.82:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.23.34.82:443 -> 192.168.2.4:49799 version: TLS 1.2
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: Wave Browser_cg5vc6cx_.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
Source: Binary string: setup.exe.pdb source: Wave Browser_cg5vc6cx_.exe, 00000000.00000002.752562474.0000000005CB3000.00000004.00000001.sdmp, setup.exe, 00000004.00000002.746498578.00007FF678695000.00000002.00020000.sdmp, setup.exe, 00000005.00000002.749301566.00007FF678695000.00000002.00020000.sdmp
Source: Binary string: wavebrowser.exe.pdb source: setup.exe, 00000004.00000003.726318035.00000236057B1000.00000004.00000001.sdmp
Source: Binary string: wavebrowser_proxy.exe.pdb source: setup.exe, 00000004.00000003.734313894.00000236058B1000.00000004.00000001.sdmp
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe Code function: 0_2_0040626D FindFirstFileA,FindClose,0_2_0040626D
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe Code function: 0_2_00405732 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405732
Source: C:\Users\user\Desktop\Wave Browser_cg5vc6cx_.exe Code function: 0_2_004026FE FindFirstFileA,0_2_004026FE
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe Code function: 4_2_00007FF67845AC9D FindFirstFileExW,4_2_00007FF67845AC9D
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe Code function: 5_2_00007FF67845AC9D FindFirstFileExW,5_2_00007FF67845AC9D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe Code function: 12_2_00007FF7DD3F425D FindFirstFileExW,12_2_00007FF7DD3F425D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe Code function: 14_2_00007FF7DD3F425D FindFirstFileExW,14_2_00007FF7DD3F425D
Source: C:\Users\user\Wavesor Software\WaveBrowser\wavebrowser.exe Code function: 15_2_00007FF7DD3F425D FindFirstFileExW,15_2_00007FF7DD3F425D
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\nseBA51.tmp\setup.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: Joe Sandbox View IP Address: 151.101.2.109 151.101.2.109
Source: Joe Sandbox View JA3 fingerprint: b32309a26951912be7dba376398abc3b
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown TCP traffic detected without corresponding DNS query: 172.217.20.10
Source: unknown TCP traffic detected without corresponding DNS query: 151.101.2.109
Source: unknown TCP traffic detected without corresponding DNS query: 172.217.19.115
Source: setup.exe, 00000004.00000002.741629920.0000023603A65000.00000004.00000020.sdmpString found in binary or memory: ":"www.mywavehome.net","uc":"20210508","dfn":"Wave Browser","domain":"wavebrowser.co","re_url":"http://","source":"-lp0-bb6-brwsr","user_id":"ff016ddb-5584-4b46-b38e-499f2baf1385","useragent":"BRWSR-GENERIC","adprovider":"appfocus1","implementation_id":"wav","keyword":null,"Branding":"wav","Vertical":"","IpAddress":"50.234.242.107","CampaignId":null,"HasOffersId":null,"AwConversionId":null,"AwAccountNumber":null,"ConversionValue":2.5,"GoogleAnalyticsId":null,"HasOffersTransactionId":null,"ShouldFirePixel":false,"GoogleClickId":null,"seUrl":"https://search.yahoo.com/search?p={searchTerms}","tsj":null,"StubStarted":false} equals www.yahoo.com (Yahoo)
Source: wavebrowser.exe, 0000000B.00000002.1781626022.000002B257FCA000.00000004.00000001.sdmpString found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"*Shockwave 
Flash*","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"*Chromium PDF Viewer*","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"*Chromium PDF Plugin*","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version infor
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmpString found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\"useragent\":\"BRWSR-GENERIC\",\"adprovider\":\"appfocus1\",\"implementation_id\":\"wav\",\"keyword\":null,\"Branding\":\"wav\",\"Vertical\":\"\",\"IpAddress\":\"50.234.242.107\",\"CampaignId\":null,\"HasOffersId\":null,\"AwConversionId\":null,\"AwAccountNumber\":null,\"ConversionValue\":2.5,\"GoogleAnalyticsId\":null,\"HasOffersTransactionId\":null,\"ShouldFirePixel\":false,\"GoogleClickId\":null,\"seUrl\":\"https://search.yahoo.com/search?p={searchTerms}\",\"tsj\":null,\"StubStarted\":false}","json_config_time":"13264921245122546","legacy":{"profile":{"name":{"migrated":true}}},"origin_trials":{"disabled_features":["SecurePaymentConfirmation"]},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPrv0rAFeoQZRKGcQxd6LtAAAAAAIAAAAAABBmAAAAAQAAIAAAAA8SHBLWwqsGroyn91MY2EqduEolAEmZ/+B5tC8CUNt6AAAAAA6AAAAAAgAAIAAAAA9n6HKbVuKdWy3BaRc0oKvxOyWKzJGKyjnVJSzbOFgOMAAAADuZW/I+VRGz+fFOiyZ05A/SVou8y7cl61EWdKsgTNCmjXSZPuiwf7B0bqoBrYCOIkAAAAC+gcWt/nN5EVwT+6eBOWrAb7Hmbop52e0yPIh2ImN8zl9OkxcERg5OtjTxmI33e/DeEFF3zNZAxGYTOqIGssj+"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245922715696157"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"*Shockwave 
Flash*","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://www.adobe.com/products/flashplayer/end-of-life.html","versions":[{"reference":"https://www.adobe.com/products/flashplayer/end-of-life.html","status":"requires_authorization","version":"32.0.0.466"}]},"chromium-pdf":{"group_name_matcher":"*Chromium PDF Viewer*","mime_types":[],"name":"Chromium PDF Viewer","versions":[{"comment":"Chromium PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"chromium-pdf-plugin":{"group_name_matcher":"*Chromium PDF Plugin*","mime_types":[],"name":"Chromium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version infor
Source: wavebrowser.exe, 0000000B.00000002.1781566669.000002B257F99000.00000004.00000001.sdmpString found in binary or memory: ,"show_times":"regular_intervals","sl":true,"st":0},"dfcfg_time":"13264921264308598","dseurl":"https://search.yahoo.com/search?p={searchTerms}","hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"json_config":"{\"stub\":1,\"ConversionPixelThrottle\":100,\"Installed\":false,\"ntp\":\"www.mywavehome.net\",\"uc\":\"20210508\",\"dfn\":\"Wave Browser\",\"domain\":\"wavebrowser.co\",\"re_url\":\"http://\",\"source\":\"-lp0-bb6-brwsr\",\"user_id\":\"ff016ddb-5584-4b46-b38e-499f2baf1385\",\