Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Static PE information: certificate valid |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_0040626D FindFirstFileA,FindClose, |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_00405732 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_004026FE FindFirstFileA, |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_Error |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778957520.000000000288D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.wavebrowserbase.com/inst/ |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778957520.000000000288D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.wavebrowserbase.com/log/imp/e/chr_offer_declined/d/ |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778505970.00000000004A8000.00000004.00000020.00020000.00000000.sdmp, WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778957520.000000000288D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://wavebrowser.co/changelog |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778505970.00000000004A8000.00000004.00000020.00020000.00000000.sdmp, WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778957520.000000000288D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://wavebrowser.co/privacy |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778505970.00000000004A8000.00000004.00000020.00020000.00000000.sdmp, WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778957520.000000000288D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://wavebrowser.co/terms |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778505970.00000000004A8000.00000004.00000020.00020000.00000000.sdmp, WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000002.73778957520.000000000288D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://wavebrowser.co/termshttps://wavebrowser.co/privacyhttps://wavebrowser.co/changelog |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_004051CF GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_004031D6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_00404A0E |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_004065F6 |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe, 00000000.00000000.73776334138.000000000043A000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameWave Browser: vs WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Binary or memory string: OriginalFilenameWave Browser: vs WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: classification engine |
Classification label: clean2.winEXE@1/1@0/0 |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_004031D6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_0040449B GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_004020D1 CoCreateInstance,MultiByteToWideChar, |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
File created: C:\Users\user\AppData\Local\Temp\nsu1CE8.tmp |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
File read: C:\Users\desktop.ini |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
File read: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: edgegdi.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: oleacc.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: shfolder.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Static PE information: certificate valid |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Static file information: File size 80737360 > 1048576 |
Source: WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_0040626D FindFirstFileA,FindClose, |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_00405732 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_004026FE FindFirstFileA, |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\Desktop\WaveInstaller_x64-v1.5.18.2_from-v1.3.16.1.exe |
Code function: 0_2_004031D6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |