Windows Analysis Report
Wave-Executor.exe

Overview

General Information

Sample name: Wave-Executor.exe
Analysis ID: 1579548
MD5: ff63ff29530a05383c1b9efc181312f6
SHA1: e52073b3cfb567bc6db7b7b04576224161de53fd
SHA256: 16e432c3b5c0fab127ca33d87dd6a28489d3860b95045a5d0d2e42dfb6ce8c14
Tags: exe, user-aachum
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Sample uses string decryption to hide its real strings
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Wave-Executor.exe (PID: 4152 cmdline: "C:\Users\user\Desktop\Wave-Executor.exe" MD5: FF63FF29530A05383C1B9EFC181312F6)
    • conhost.exe (PID: 2800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Wave-Executor.exe (PID: 5996 cmdline: "C:\Users\user\Desktop\Wave-Executor.exe" MD5: FF63FF29530A05383C1B9EFC181312F6)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["smash-boiling.cyou", "greywe-snotty.cyou", "cuddlyready.xyz", "ripe-blade.cyou", "supporse-comment.cyou", "steppriflej.xyz", "pollution-raker.cyou", "sendypaster.xyz", "hosue-billowy.cyou"], "Build id": "yau6Na--899083440"}
Source | Rule | Description | Author | Strings
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-12-22T23:51:29.924879+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49707 | 193.143.1.9 | 443 | TCP
    2024-12-22T23:52:02.053647+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49772 | 193.143.1.9 | 443 | TCP
    2024-12-22T23:52:33.924687+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49845 | 193.143.1.9 | 443 | TCP
    2024-12-22T23:52:37.208918+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49922 | 23.55.153.106 | 443 | TCP
    2024-12-22T23:52:38.065518+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49922 | 23.55.153.106 | 443 | TCP

    AV Detection

    Source: 3.2.Wave-Executor.exe.400000.1.raw.unpack, Malware Configuration Extractor: LummaC {"C2 url": ["smash-boiling.cyou", "greywe-snotty.cyou", "cuddlyready.xyz", "ripe-blade.cyou", "supporse-comment.cyou", "steppriflej.xyz", "pollution-raker.cyou", "sendypaster.xyz", "hosue-billowy.cyou"], "Build id": "yau6Na--899083440"}
    Source: Wave-Executor.exe, ReversingLabs: Detection: 39%
    Source: Wave-Executor.exe, Virustotal: Detection: 27%
    Source: Submited Sample, Integrated Neural Analysis Model: Matched 86.7% probability
    Source: Wave-Executor.exe, Joe Sandbox ML: detected
    Source: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor output:
      pollution-raker.cyou
      hosue-billowy.cyou
      ripe-blade.cyou
      smash-boiling.cyou
      supporse-comment.cyou
      greywe-snotty.cyou
      steppriflej.xyz
      sendypaster.xyz
      cuddlyready.xyz
      lid=%s&j=%s&ver=4.0
      TeslaBrowser/5.5
      - Screen Resoluton:
      - Physical Installed Memory:
      Workgroup: -
      yau6Na--899083440
    Source: Wave-Executor.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown, HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.6:49922 version: TLS 1.2
    Source: Wave-Executor.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\Wave-Executor.exe, Code function: 0_2_00299075 FindFirstFileExW
    Source: C:\Users\user\Desktop\Wave-Executor.exe, Code function: 0_2_00299126 FindFirstFileExW, FindNextFileW, FindClose, FindClose
    Source: C:\Users\user\Desktop\Wave-Executor.exe, Code function: 3_2_00299075 FindFirstFileExW
    Source: C:\Users\user\Desktop\Wave-Executor.exe, Code function: 3_2_00299126 FindFirstFileExW, FindNextFileW, FindClose, FindClose

    Networking

    Source: Network traffic, Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49922 -> 23.55.153.106:443
    Source: DNS query: cuddlyready.xyz
    Source: DNS query: sendypaster.xyz
    Source: DNS query: steppriflej.xyz
    Source: Joe Sandbox View, IP Address: 23.55.153.106
    Source: Joe Sandbox View, ASN Name: BITWEB-ASRU
    Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49707 -> 193.143.1.9:443
    Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49772 -> 193.143.1.9:443
    Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49845 -> 193.143.1.9:443
    Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49922 -> 23.55.153.106:443
    Source: global traffic, HTTP traffic detected:
      GET /profiles/76561199724331900 HTTP/1.1
      Connection: Keep-Alive
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Host: steamcommunity.com
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic, DNS traffic detected: DNS query: cuddlyready.xyz
    Source: global traffic, DNS traffic detected: DNS query: sendypaster.xyz
    Source: global traffic, DNS traffic detected: DNS query: steppriflej.xyz
    Source: global traffic, DNS traffic detected: DNS query: greywe-snotty.cyou
    Source: global traffic, DNS traffic detected: DNS query: supporse-comment.cyou
    Source: global traffic, DNS traffic detected: DNS query: smash-boiling.cyou
    Source: global traffic, DNS traffic detected: DNS query: ripe-blade.cyou
    Source: global traffic, DNS traffic detected: DNS query: hosue-billowy.cyou
    Source: global traffic, DNS traffic detected: DNS query: pollution-raker.cyou
    Source: global traffic, DNS traffic detected: DNS query: steamcommunity.com
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
    Source: Wave-Executor.exe, 00000003.00000003.3094339040.0000000000ACC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greywe-snotty.cyou/api
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: Wave-Executor.exe, 00000003.00000002.3134453720.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hosue-billowy.cyou:443/api
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: Wave-Executor.exe, 00000003.00000002.3134453720.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pollution-raker.cyou:443/api
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: Wave-Executor.exe, 00000003.00000002.3134453720.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smash-boiling.cyou:443/apipi
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000002.3134453720.0000000000ACA000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000002.3134453720.0000000000ACA000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: Wave-Executor.exe, 00000003.00000002.3134453720.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133632330.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000002.3134570473.0000000000AD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: Wave-Executor.exe, 00000003.00000002.3134453720.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900d
    Source: Wave-Executor.exe, 00000003.00000002.3134453720.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steppriflej.xyz:443/api3
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000002.3134761785.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: Wave-Executor.exe, 00000003.00000002.3134761785.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000002.3134453720.0000000000ACA000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shopT
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133632330.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 49922 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
    Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49922
    Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
    Source: unknown HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.6:49922 version: TLS 1.2
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 3_2_00431070 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard, 3_2_00431070
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 3_2_004316D2 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt, 3_2_004316D2
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: String function: 0028F55E appears 42 times
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: String function: 00414030 appears 49 times
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: String function: 00407EF0 appears 38 times
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: String function: 002941C4 appears 34 times
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: String function: 002866A0 appears 100 times
    Source: Wave-Executor.exe, 00000000.00000002.2131972723.0000000003077000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRpcPing.exej% vs Wave-Executor.exe
    Source: Wave-Executor.exe, 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameRpcPing.exej% vs Wave-Executor.exe
    Source: Wave-Executor.exe, 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameRpcPing.exej% vs Wave-Executor.exe
    Source: Wave-Executor.exe, 00000003.00000003.2130958981.000000000268E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRpcPing.exej% vs Wave-Executor.exe
    Source: Wave-Executor.exe Binary or memory string: OriginalFilenameRpcPing.exej% vs Wave-Executor.exe
    Source: Wave-Executor.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: Wave-Executor.exe Static PE information: Section: .bss ZLIB complexity 1.0003266550522647
    Source: classification engine Classification label: mal100.troj.evad.winEXE@4/1@10/2
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 3_2_0042F4B0 CoCreateInstance, 3_2_0042F4B0
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2800:120:WilError_03
    Source: Wave-Executor.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\Wave-Executor.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: Wave-Executor.exe ReversingLabs: Detection: 39%
    Source: Wave-Executor.exe Virustotal: Detection: 27%
    Source: C:\Users\user\Desktop\Wave-Executor.exe File read: C:\Users\user\Desktop\Wave-Executor.exe
    Source: unknown Process created: C:\Users\user\Desktop\Wave-Executor.exe "C:\Users\user\Desktop\Wave-Executor.exe"
    Source: C:\Users\user\Desktop\Wave-Executor.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Wave-Executor.exe Process created: C:\Users\user\Desktop\Wave-Executor.exe "C:\Users\user\Desktop\Wave-Executor.exe"
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: winhttp.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: webio.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: winnsi.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: schannel.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: mskeyprotect.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: ntasn1.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: ncrypt.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: ncryptsslp.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\Wave-Executor.exe Section loaded: dpapi.dll
    Source: Wave-Executor.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
    Source: Wave-Executor.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: Wave-Executor.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: Wave-Executor.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: Wave-Executor.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: Wave-Executor.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 0_2_002867C3 push ecx; ret 0_2_002867D6
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 3_2_002867C3 push ecx; ret 3_2_002867D6
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 3_2_004202A3 push edx; ret 3_2_004202AC
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 3_2_0043B7B0 push eax; mov dword ptr [esp], 4D4C4B9Ah 3_2_0043B7B3
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 3_2_00441BF1 push FFFFFFFEh; ret 3_2_00441BF5
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 3_2_00444DFC push edi; iretd 3_2_00444DFD
    Source: C:\Users\user\Desktop\Wave-Executor.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-22306
    Source: C:\Users\user\Desktop\Wave-Executor.exe API coverage: 3.4 %
    Source: C:\Users\user\Desktop\Wave-Executor.exe TID: 6440 Thread sleep time: -90000s >= -30000s
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 0_2_00299075 FindFirstFileExW, 0_2_00299075
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 0_2_00299126 FindFirstFileExW,FindNextFileW,FindClose,FindClose, 0_2_00299126
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 3_2_00299075 FindFirstFileExW, 3_2_00299075
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 3_2_00299126 FindFirstFileExW,FindNextFileW,FindClose,FindClose, 3_2_00299126
    Source: Wave-Executor.exe, 00000003.00000002.3134453720.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWpO
    Source: Wave-Executor.exe, 00000003.00000003.3133632330.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000002.3134570473.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3094339040.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 3_2_0043A0F0 LdrInitializeThunk, 3_2_0043A0F0
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 0_2_0028F2B0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0028F2B0
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 0_2_002AF19E mov edi, dword ptr fs:[00000030h] 0_2_002AF19E
    Source: C:\Users\user\Desktop\Wave-Executor.exeCode function: 0_2_002716C0 mov edi, dword ptr fs:[00000030h]0_2_002716C0
    Source: C:\Users\user\Desktop\Wave-Executor.exeCode function: 3_2_002716C0 mov edi, dword ptr fs:[00000030h]3_2_002716C0
    Source: C:\Users\user\Desktop\Wave-Executor.exeCode function: 0_2_00294ABC GetProcessHeap,0_2_00294ABC
    Source: C:\Users\user\Desktop\Wave-Executor.exeCode function: 0_2_0028616C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0028616C
    Source: C:\Users\user\Desktop\Wave-Executor.exeCode function: 0_2_0028F2B0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0028F2B0
    Source: C:\Users\user\Desktop\Wave-Executor.exeCode function: 0_2_00286528 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00286528
    Source: C:\Users\user\Desktop\Wave-Executor.exeCode function: 0_2_0028651C SetUnhandledExceptionFilter,0_2_0028651C
    Source: C:\Users\user\Desktop\Wave-Executor.exeCode function: 3_2_0028616C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0028616C
    Source: C:\Users\user\Desktop\Wave-Executor.exeCode function: 3_2_0028F2B0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0028F2B0
    Source: C:\Users\user\Desktop\Wave-Executor.exeCode function: 3_2_00286528 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00286528
    Source: C:\Users\user\Desktop\Wave-Executor.exeCode function: 3_2_0028651C SetUnhandledExceptionFilter,3_2_0028651C

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 0_2_002AF19E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread, 0_2_002AF19E
    Source: C:\Users\user\Desktop\Wave-Executor.exe Memory written: C:\Users\user\Desktop\Wave-Executor.exe base: 400000 value starts with: 4D5A
    Source: Wave-Executor.exe, 00000000.00000002.2131972723.0000000003077000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: steppriflej.xyz
    Source: Wave-Executor.exe, 00000000.00000002.2131972723.0000000003077000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: sendypaster.xyz
    Source: Wave-Executor.exe, 00000000.00000002.2131972723.0000000003077000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: cuddlyready.xyz
    Source: C:\Users\user\Desktop\Wave-Executor.exe Process created: C:\Users\user\Desktop\Wave-Executor.exe "C:\Users\user\Desktop\Wave-Executor.exe"
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: EnumSystemLocalesW, 0_2_002943A7
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_002983DF
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: EnumSystemLocalesW, 0_2_00298630
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_002986CB
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: EnumSystemLocalesW, 0_2_0029891E
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetLocaleInfoW, 0_2_0029897D
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: EnumSystemLocalesW, 0_2_00298A52
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetLocaleInfoW, 0_2_00298A9D
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_00298B44
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetLocaleInfoW, 0_2_00298C4A
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetLocaleInfoW, 0_2_00293EAC
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: EnumSystemLocalesW, 3_2_002943A7
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 3_2_002983DF
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: EnumSystemLocalesW, 3_2_00298630
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 3_2_002986CB
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: EnumSystemLocalesW, 3_2_0029891E
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetLocaleInfoW, 3_2_0029897D
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: EnumSystemLocalesW, 3_2_00298A52
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetLocaleInfoW, 3_2_00298A9D
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 3_2_00298B44
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetLocaleInfoW, 3_2_00298C4A
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: GetLocaleInfoW, 3_2_00293EAC
    Source: C:\Users\user\Desktop\Wave-Executor.exe Code function: 0_2_00287110 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00287110
    Source: C:\Users\user\Desktop\Wave-Executor.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
    Execution: 1 Native API; 1 PowerShell; At; Cron; Launchd; Scheduled Task
    Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
    Privilege Escalation: 211 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
    Defense Evasion: 1 Virtualization/Sandbox Evasion; 211 Process Injection; 11 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
    Discovery: 1 System Time Discovery; 21 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 1 File and Directory Discovery; 13 System Information Discovery; Wi-Fi Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
    Collection: 1 Screen Capture; 1 Archive Collected Data; 2 Clipboard Data; Input Capture; Keylogging; GUI Input Capture
    Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 113 Application Layer Protocol; Fallback Channels; Multiband Communication
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
    Source             Detection  Scanner         Label                 Link
    Wave-Executor.exe  39%        ReversingLabs   Win32.Packed.Generic
    Wave-Executor.exe  28%        Virustotal                            Browse
    Wave-Executor.exe  100%       Joe Sandbox ML
    No Antivirus matches
    Name                   IP             Active   Malicious  Antivirus Detection  Reputation
    sendypaster.xyz        193.143.1.9    true     true                            unknown
    cuddlyready.xyz        193.143.1.9    true     true                            unknown
    steamcommunity.com     23.55.153.106  true     false                           high
    steppriflej.xyz        193.143.1.9    true     true                            unknown
    supporse-comment.cyou  unknown        unknown  true                            unknown
    ripe-blade.cyou        unknown        unknown  true                            unknown
    greywe-snotty.cyou     unknown        unknown  true                            unknown
    hosue-billowy.cyou     unknown        unknown  true                            unknown
    smash-boiling.cyou     unknown        unknown  true                            unknown
    pollution-raker.cyou   unknown        unknown  true                            unknown
    Name                                                   Malicious  Antivirus Detection  Reputation
    sendypaster.xyz                                        true                            unknown
    steppriflej.xyz                                        true                            unknown
    smash-boiling.cyou                                     true                            unknown
    supporse-comment.cyou                                  true                            unknown
    hosue-billowy.cyou                                     true                            unknown
    cuddlyready.xyz                                        true                            unknown
    https://steamcommunity.com/profiles/76561199724331900  false                           high
    ripe-blade.cyou                                        true                            unknown
    greywe-snotty.cyou                                     true                            unknown
    pollution-raker.cyou                                   true                            unknown
                                                                                                                                                  high
                                                                                                                                                  https://hosue-billowy.cyou:443/apiWave-Executor.exe, 00000003.00000002.3134453720.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://steamcommunity.com:443/profiles/76561199724331900dWave-Executor.exe, 00000003.00000002.3134453720.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://store.steampowered.com/privacy_agreement/Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000002.3134453720.0000000000ACA000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://store.steampowered.com/points/shop/Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://recaptcha.netWave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://store.steampowered.com/Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://steamcommunity.comWave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000002.3134453720.0000000000ACA000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://sketchfab.comWave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://lv.queniujq.cnWave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngWave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.youtube.com/Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://127.0.0.1:27060Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://store.steampowered.com/privacy_agreement/Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQWave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://steppriflej.xyz:443/api3Wave-Executor.exe, 00000003.00000002.3134453720.0000000000AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&amWave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://www.google.com/recaptcha/Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://checkout.steampowered.com/Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&ampWave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://help.steampowered.com/Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://api.steampowered.com/Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://store.steampowered.com/account/cookiepreferences/Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000002.3134453720.0000000000ACA000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://store.steampowered.com/mobileWave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://steamcommunity.com/Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://store.steampowered.com/;Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000002.3134761785.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133583262.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://store.steampowered.com/about/Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&lWave-Executor.exe, 00000003.00000003.3133529344.0000000000B41000.00000004.00000020.00020000.00000000.sdmp, Wave-Executor.exe, 00000003.00000003.3133529344.0000000000B47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
193.143.1.9 | sendypaster.xyz | unknown | 57271 | BITWEB-ASRU | true
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
                                                                                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                          Analysis ID:1579548
                                                                                                                                                                                                          Start date and time:2024-12-22 23:50:05 +01:00
                                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                                          Overall analysis duration:0h 5m 5s
                                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                                          Report type:full
                                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                          Number of analysed new started processes analysed:6
                                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                                          Technologies:
                                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                                          Sample name:Wave-Executor.exe
                                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                                          Classification:mal100.troj.evad.winEXE@4/1@10/2
                                                                                                                                                                                                          EGA Information:
                                                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                                          • Successful, ratio: 98%
                                                                                                                                                                                                          • Number of executed functions: 30
                                                                                                                                                                                                          • Number of non-executed functions: 149
                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.175.87.197
                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
17:51:28 | API Interceptor | 5x Sleep call for process: Wave-Executor.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
23.55.153.106 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT
23.55.153.106 | 8ZVMneG.exe | malicious | LummaC
23.55.153.106 | file.exe | malicious | NetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog Stealer
23.55.153.106 | ji2xlo1f.exe | malicious | LummaC
23.55.153.106 | Armanivenntii_crypted_EASY.exe | malicious | LummaC
23.55.153.106 | aqbjn3fl.exe | malicious | LummaC
23.55.153.106 | aqbjn3fl.exe | malicious | LummaC
23.55.153.106 | zq6a1iqg.exe | malicious | LummaC Stealer
23.55.153.106 | v_dolg.exe | malicious | LummaC Stealer
23.55.153.106 | cccc2.exe | malicious | LummaC
                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              steamcommunity.comfile.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              8ZVMneG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              qth5kdee.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 104.102.49.254
                                                                                                                                                                                                                              LgendPremium.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 104.102.49.254
                                                                                                                                                                                                                              ji2xlo1f.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              f86nrrc6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 104.102.49.254
                                                                                                                                                                                                                              Armanivenntii_crypted_EASY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              zq6a1iqg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              AKAMAI-ASN1EU2.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 172.237.152.235
                                                                                                                                                                                                                              mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                              • 23.211.121.53
                                                                                                                                                                                                                              nshkarm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                              • 172.233.106.253
                                                                                                                                                                                                                              nsharm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                              • 172.227.252.37
                                                                                                                                                                                                                              arm5.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                              • 23.215.103.199
                                                                                                                                                                                                                              nsharm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                              • 23.1.235.104
                                                                                                                                                                                                                              nshkmips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                              • 23.44.132.66
                                                                                                                                                                                                                              http://www.eventcreate.com/e/you-have-received-a-new-docGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                              • 172.235.158.251
                                                                                                                                                                                                                              nshsh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                              • 104.97.147.155
                                                                                                                                                                                                                              arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                              • 23.200.80.198
                                                                                                                                                                                                                              BITWEB-ASRUhttps://mdgouv.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                              • 193.143.1.14
                                                                                                                                                                                                                              11029977736728949.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                                                                                                              • 193.143.1.231
                                                                                                                                                                                                                              11029977736728949.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                                                                                                              • 193.143.1.231
                                                                                                                                                                                                                              22054200882739718047.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                                                                                                              • 193.143.1.231
                                                                                                                                                                                                                              22054200882739718047.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                                                                                                              • 193.143.1.231
                                                                                                                                                                                                                              https://courtscali.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 193.143.1.14
                                                                                                                                                                                                                              18452302672446430694.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                                                                                                              • 193.143.1.231
                                                                                                                                                                                                                              18452302672446430694.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                                                                                                              • 193.143.1.231
                                                                                                                                                                                                                              2971435162666519472.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                                                                                                              • 193.143.1.231
                                                                                                                                                                                                                              2971435162666519472.jsGet hashmaliciousStrela DownloaderBrowse
                                                                                                                                                                                                                              • 193.143.1.231
                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              a0e9f5d64349fb13191bc781f81f42e1Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              Full_Ver_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              winwidgetshp.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              Solara-3.0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                              No context
Process: C:\Users\user\Desktop\Wave-Executor.exe
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3:c:c
MD5: 415290769594460E2E485922904F345D
SHA1: 95CB0BFD2977C761298D9624E4B4D4C72A39974A
SHA-256: A1FCE4363854FF888CFF4B8E7875D600C2682390412A8CF79B37D0B11148B0FA
SHA-512: 121B4774A759924A2929C4A412FB6E31B9AAA746466840EFCC4A76D69A94149E2364E3983D646FEAFAA1B511785E5C9E90AEDC30DA6A6BEAD5520ECC99C6626A
Malicious: false
Reputation: low
Preview: y

File type: PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit): 7.518043600450358
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Wave-Executor.exe
File size: 567'296 bytes
MD5: ff63ff29530a05383c1b9efc181312f6
SHA1: e52073b3cfb567bc6db7b7b04576224161de53fd
SHA256: 16e432c3b5c0fab127ca33d87dd6a28489d3860b95045a5d0d2e42dfb6ce8c14
SHA512: 5b4b56ab031df8fe5cec098789709c0ed85c715da5e2dae71cfd0195111c1f809cf1fd26d6400944c32a3185ef5c2f623eebed1f685e451fc364166f30495e43
SSDEEP: 12288:eRIomkRJWzi7X+UeyZALGIM4lT+yYfygdXNxsdPeZ++ygrz4p:ee/kRJWzib+UnAL+QT+yYVp3ZZ+DUz4
TLSH: D6C4D0117580C072D9A731B364BADB6A863DF9200B626ECF97480DBDDF351D1AA31B27
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....hg.........."......(...........p............@.......................................@.....................................<..
Icon Hash: 00928e8e8686b000

Entrypoint: 0x4170bb
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
Time Stamp: 0x676819F1 [Sun Dec 22 13:53:53 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 1f5f01fd52677b24724028ad24992aa9
Instruction
call 00007F4B8C8F767Ah
jmp 00007F4B8C8F74E9h
mov ecx, dword ptr [00440700h]
push esi
push edi
mov edi, BB40E64Eh
mov esi, FFFF0000h
cmp ecx, edi
je 00007F4B8C8F7676h
test esi, ecx
jne 00007F4B8C8F7698h
call 00007F4B8C8F76A1h
mov ecx, eax
cmp ecx, edi
jne 00007F4B8C8F7679h
mov ecx, BB40E64Fh
jmp 00007F4B8C8F7680h
test esi, ecx
jne 00007F4B8C8F767Ch
or eax, 00004711h
shl eax, 10h
or ecx, eax
mov dword ptr [00440700h], ecx
not ecx
pop edi
mov dword ptr [00440740h], ecx
pop esi
ret
push ebp
mov ebp, esp
sub esp, 14h
lea eax, dword ptr [ebp-0Ch]
xorps xmm0, xmm0
push eax
movlpd qword ptr [ebp-0Ch], xmm0
call dword ptr [0043D914h]
mov eax, dword ptr [ebp-08h]
xor eax, dword ptr [ebp-0Ch]
mov dword ptr [ebp-04h], eax
call dword ptr [0043D8CCh]
xor dword ptr [ebp-04h], eax
call dword ptr [0043D8C8h]
xor dword ptr [ebp-04h], eax
lea eax, dword ptr [ebp-14h]
push eax
call dword ptr [0043D964h]
mov eax, dword ptr [ebp-10h]
lea ecx, dword ptr [ebp-04h]
xor eax, dword ptr [ebp-14h]
xor eax, dword ptr [ebp-04h]
xor eax, ecx
leave
ret
mov eax, 00004000h
ret
push 00441E50h
call dword ptr [0043D93Ch]
ret
push 00030000h
push 00010000h
push 00000000h
call 00007F4B8C8FECA8h
add esp, 0Ch
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d6b4 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8f000 | 0x3e8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x44000 | 0x2324 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x39968 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x35cf8 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3d860 | 0x170 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x326cc | 0x32800 | ccc71f71555262d04b28eeb13f33c694 | False | 0.5078125 | data | 6.449171689149143 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x34000 | 0xad9c | 0xae00 | 265ca2e098c45dacae5fa86d5b3aa7cb | False | 0.4167789152298851 | locale data table | 4.866718139159974 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3f000 | 0x3618 | 0x2600 | 34a18fbac611bd450c331e8e8b0fc570 | False | 0.31270559210526316 | data | 5.125689677633356 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x43000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x44000 | 0x2324 | 0x2400 | a5356144ed5fdf31d774488bfaa21264 | False | 0.7392578125 | data | 6.496424389763303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss | 0x47000 | 0x47c00 | 0x47c00 | 98ad53af334563589f47135b332a8f0a | False | 1.0003266550522647 | OpenPGP Secret Key | 7.999419799045812 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x8f000 | 0x3e8 | 0x400 | ca17e41c5d6563031d3a61c6b3045e67 | False | 0.43359375 | data | 3.2859175893892143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x8f058 | 0x390 | data | English | United States | 0.4517543859649123
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CloseThreadpoolWork, CompareStringW, CreateFileW, CreateThreadpoolWork, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, SubmitThreadpoolWork, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
USER32.dll | DefWindowProcW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-22T23:51:29.924879+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49707 | 193.143.1.9 | 443 | TCP
2024-12-22T23:52:02.053647+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49772 | 193.143.1.9 | 443 | TCP
2024-12-22T23:52:33.924687+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49845 | 193.143.1.9 | 443 | TCP
2024-12-22T23:52:37.208918+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49922 | 23.55.153.106 | 443 | TCP
2024-12-22T23:52:38.065518+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.6 | 49922 | 23.55.153.106 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                              Dec 22, 2024 23:52:02.436379910 CET49845443192.168.2.6193.143.1.9
                                                                                                                                                                                                                              Dec 22, 2024 23:52:02.436481953 CET44349845193.143.1.9192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:02.436568975 CET49845443192.168.2.6193.143.1.9
                                                                                                                                                                                                                              Dec 22, 2024 23:52:02.436997890 CET49845443192.168.2.6193.143.1.9
                                                                                                                                                                                                                              Dec 22, 2024 23:52:02.437030077 CET44349845193.143.1.9192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:33.924686909 CET49845443192.168.2.6193.143.1.9
                                                                                                                                                                                                                              Dec 22, 2024 23:52:35.808357954 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:35.808409929 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:35.808500051 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:35.808937073 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:35.808950901 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:37.208817005 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:37.208918095 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:37.211060047 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:37.211071968 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:37.211389065 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:37.252310991 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:37.278064013 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:37.323329926 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.065732002 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.065785885 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.065810919 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.065828085 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.065846920 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.065870047 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.065876007 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.065892935 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.065901995 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.065923929 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.065963984 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.159674883 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.159729004 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.159748077 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.159765005 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.159786940 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.159812927 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.159818888 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.159876108 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.162822008 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.162834883 CET4434992223.55.153.106192.168.2.6
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.162859917 CET49922443192.168.2.623.55.153.106
                                                                                                                                                                                                                              Dec 22, 2024 23:52:38.162867069 CET4434992223.55.153.106192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 22, 2024 23:50:57.981595039 CET | 192.168.2.6 | 1.1.1.1 | 0xdc2a | Standard query (0) | cuddlyready.xyz | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:51:29.931303978 CET | 192.168.2.6 | 1.1.1.1 | 0x976 | Standard query (0) | sendypaster.xyz | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:02.119009018 CET | 192.168.2.6 | 1.1.1.1 | 0xeee4 | Standard query (0) | steppriflej.xyz | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:33.926646948 CET | 192.168.2.6 | 1.1.1.1 | 0xb64c | Standard query (0) | greywe-snotty.cyou | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:34.251789093 CET | 192.168.2.6 | 1.1.1.1 | 0x3fbc | Standard query (0) | supporse-comment.cyou | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:34.683222055 CET | 192.168.2.6 | 1.1.1.1 | 0xac35 | Standard query (0) | smash-boiling.cyou | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:34.905098915 CET | 192.168.2.6 | 1.1.1.1 | 0x3020 | Standard query (0) | ripe-blade.cyou | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:35.218681097 CET | 192.168.2.6 | 1.1.1.1 | 0x1f28 | Standard query (0) | hosue-billowy.cyou | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:35.444156885 CET | 192.168.2.6 | 1.1.1.1 | 0x2fe9 | Standard query (0) | pollution-raker.cyou | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:35.670430899 CET | 192.168.2.6 | 1.1.1.1 | 0x72c6 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 22, 2024 23:50:58.371012926 CET | 1.1.1.1 | 192.168.2.6 | 0xdc2a | No error (0) | cuddlyready.xyz |  | 193.143.1.9 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:51:30.405220032 CET | 1.1.1.1 | 192.168.2.6 | 0x976 | No error (0) | sendypaster.xyz |  | 193.143.1.9 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:02.435305119 CET | 1.1.1.1 | 192.168.2.6 | 0xeee4 | No error (0) | steppriflej.xyz |  | 193.143.1.9 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:34.243496895 CET | 1.1.1.1 | 192.168.2.6 | 0xb64c | Name error (3) | greywe-snotty.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:34.647774935 CET | 1.1.1.1 | 192.168.2.6 | 0x3fbc | Name error (3) | supporse-comment.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:34.900507927 CET | 1.1.1.1 | 192.168.2.6 | 0xac35 | Name error (3) | smash-boiling.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:35.215440989 CET | 1.1.1.1 | 192.168.2.6 | 0x3020 | Name error (3) | ripe-blade.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:35.439807892 CET | 1.1.1.1 | 192.168.2.6 | 0x1f28 | Name error (3) | hosue-billowy.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:35.668040991 CET | 1.1.1.1 | 192.168.2.6 | 0x2fe9 | Name error (3) | pollution-raker.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:52:35.807382107 CET | 1.1.1.1 | 192.168.2.6 | 0x72c6 | No error (0) | steamcommunity.com |  | 23.55.153.106 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                              • steamcommunity.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49922 | 23.55.153.106 | 443 | 5996 | C:\Users\user\Desktop\Wave-Executor.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 22:52:37 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                              Host: steamcommunity.com
2024-12-22 22:52:38 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 22 Dec 2024 22:52:37 GMT
Content-Length: 25665
Connection: close
Set-Cookie: sessionid=699df05071997568ab873dbf; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-22 22:52:38 UTC 14479 IN
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-22 22:52:38 UTC 10097 IN
Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>
2024-12-22 22:52:38 UTC 1089 IN
Data Ascii: heir respective owners in the US and other countries.<br/>Some geospatial data on this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br>


Target ID:0
Start time:17:50:55
Start date:22/12/2024
Path:C:\Users\user\Desktop\Wave-Executor.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\Wave-Executor.exe"
Imagebase:0x270000
File size:567'296 bytes
MD5 hash:FF63FF29530A05383C1B9EFC181312F6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:17:50:55
Start date:22/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:17:50:56
Start date:22/12/2024
Path:C:\Users\user\Desktop\Wave-Executor.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\Wave-Executor.exe"
Imagebase:0x270000
File size:567'296 bytes
MD5 hash:FF63FF29530A05383C1B9EFC181312F6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Execution Graph

Execution Coverage:10.2%
Dynamic/Decrypted Code Coverage:1.8%
Signature Coverage:3.4%
Total number of Nodes:438
Total number of Limit Nodes:12
41 API calls 3 library calls 22491 272bf0 30 API calls 22492 2933cd 16 API calls __Wcrtomb 22398 283dd2 45 API calls 2 library calls 22496 289fd4 73 API calls 2 library calls

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,002AF110,002AF100), ref: 002AF334
                                                                                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 002AF347
                                                                                                                                                                                                                                • Wow64GetThreadContext.KERNEL32(00000094,00000000), ref: 002AF365
                                                                                                                                                                                                                                • ReadProcessMemory.KERNELBASE(0000008C,?,002AF154,00000004,00000000), ref: 002AF389
                                                                                                                                                                                                                                • VirtualAllocEx.KERNELBASE(0000008C,?,?,00003000,00000040), ref: 002AF3B4
                                                                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(0000008C,00000000,?,?,00000000,?), ref: 002AF40C
                                                                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(0000008C,00400000,?,?,00000000,?,00000028), ref: 002AF457
                                                                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(0000008C,?,?,00000004,00000000), ref: 002AF495
                                                                                                                                                                                                                                • Wow64SetThreadContext.KERNEL32(00000094,01360000), ref: 002AF4D1
                                                                                                                                                                                                                                • ResumeThread.KERNELBASE(00000094), ref: 002AF4E0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                                                                                                                • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                                                                                                                                                                                                • API String ID: 2687962208-3857624555
                                                                                                                                                                                                                                • Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                                                                                                                                • Instruction ID: 83f0d8f58dd68367ae5f436901e75073c00f67e68a21289ac30b89712c6b1337
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88B10B7660024AAFDB60CF58CD80BDA73A5FF89714F158164EA0CAB341D774FA51CB94

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,EEE1F32E,?,00294208,00273E32,?,00000000,?), ref: 002941BA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                • Opcode ID: 53c4674217c2c81769e083050fb18c10bdc7273e0753598d1b2b82db873563af
                                                                                                                                                                                                                                • Instruction ID: 0ed8701c226f0dd80c1935a02b5659a2421946867606deed40b7a5ac86f4e89d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53c4674217c2c81769e083050fb18c10bdc7273e0753598d1b2b82db873563af
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 01213031920212EBCF21BF64FC48E5A375CDF527A0F240211F90AA7290DB70EE66C9D0

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1378416451-0
                                                                                                                                                                                                                                • Opcode ID: de5a0352d877afac41e6736c40da4baff8341e2bebdfaa98e39fd98c72744fbd
                                                                                                                                                                                                                                • Instruction ID: e07eb620f8bba40e2d018b511ba7532fef2bea7a02840765a591bc9f1b5032ea
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de5a0352d877afac41e6736c40da4baff8341e2bebdfaa98e39fd98c72744fbd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B718EB4D05248CFDB10EFA8D58879DBBF0BF48304F10852AE899AB351E774A959CF52

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _strcspn
                                                                                                                                                                                                                                • String ID: @

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleFreeProtectVirtual
                                                                                                                                                                                                                                • String ID: @

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(0028C9E4,?,0028CB99,00000000,?,?,0028C9E4,EEE1F32E,?,0028C9E4), ref: 0028CAE8
                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,0028CB99,00000000,?,?,0028C9E4,EEE1F32E,?,0028C9E4), ref: 0028CAEF
                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 0028CB01
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                • String ID:

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: &(

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: &(

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00282B03: GetModuleHandleExW.KERNEL32(00000002,00000000,0027E5B1,?,?,00282AC6,?,?,00282A97,?,?,?,0027E5B1), ref: 00282B0F
                                                                                                                                                                                                                                • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,EEE1F32E,?,?,?,002A3374,000000FF), ref: 00282BF9
                                                                                                                                                                                                                                  • Part of subcall function 0027B920: std::_Throw_Cpp_error.LIBCPMT ref: 0027B94C
                                                                                                                                                                                                                                  • Part of subcall function 0027B920: std::_Throw_Cpp_error.LIBCPMT ref: 0027B968
                                                                                                                                                                                                                                  • Part of subcall function 00285C60: ReleaseSRWLockExclusive.KERNEL32(?,?,?,0027B9E9,?,0027FD92), ref: 00285C75
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Cpp_errorThrow_std::_$CallbackExclusiveFreeHandleLibraryLockModuleReleaseReturnsWhen
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 1423221283-307937090
                                                                                                                                                                                                                                • Opcode ID: 5cd81583355d507b775b55a69f63ef9fda031ba038e132436e801c0510bd6da9
                                                                                                                                                                                                                                • Instruction ID: 64fbd9e2d2f3a79c9cb03c173fafc25ede2146aaa2669ecaec4b5352fa0503b6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5cd81583355d507b775b55a69f63ef9fda031ba038e132436e801c0510bd6da9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F11083AA16615DBCB26BF16EC05B6EB7A8EB41B20F14451AF401976E0CF34E820CF50

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 002750DB
                                                                                                                                                                                                                                  • Part of subcall function 0028277A: _Yarn.LIBCPMT ref: 0028279A
                                                                                                                                                                                                                                  • Part of subcall function 0028277A: _Yarn.LIBCPMT ref: 002827BE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Yarn$LockitLockit::_std::_
                                                                                                                                                                                                                                • String ID: bad locale name
                                                                                                                                                                                                                                • API String ID: 360232963-1405518554
                                                                                                                                                                                                                                • Opcode ID: a5d94ead250f2a3cf4fae08125f55479e1f5680a763f888f7fd64832558d63eb
                                                                                                                                                                                                                                • Instruction ID: 339742642c719eef90362149fc4efbb23f694cb7344f065f6af81ccf6f160827
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a5d94ead250f2a3cf4fae08125f55479e1f5680a763f888f7fd64832558d63eb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93012D349155189FCB08FFE8C4917ADBBB0EF44308F44846CE94A57743DA70AAA0CF96

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0029B0D7: GetConsoleOutputCP.KERNEL32(EEE1F32E,00000000,00000000,?), ref: 0029B13A
                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,0028A691,?,0028A8F3), ref: 0029AEB2
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,0028A691,?,0028A8F3,?,0028A8F3,?,?,?,?,?,?,?,?,?,?), ref: 0029AEBC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2915228174-0
                                                                                                                                                                                                                                • Opcode ID: 2eb8080309975d7a3cd7fad78e56b00884e08ef0c0ca57e7a9a16443375feb52
                                                                                                                                                                                                                                • Instruction ID: be51160dd52219a423da8c1d6dfc85301a35071ba02f55c044916ce462782616
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2eb8080309975d7a3cd7fad78e56b00884e08ef0c0ca57e7a9a16443375feb52
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE61C5B1C2021AAFDF11CFA8D984EEEBBB9BF09304F140555E905A7252D376DD21CBA1

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,0029AE98,?,0028A8F3,?,?,?,00000000), ref: 0029B5A2
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,0029AE98,?,0028A8F3,?,?,?,00000000,?,?,?,?,?,0028A691,?,0028A8F3), ref: 0029B5C8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 442123175-0

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 002748DF
                                                                                                                                                                                                                                  • Part of subcall function 00274D90: std::_Lockit::_Lockit.LIBCPMT ref: 00274DBE
                                                                                                                                                                                                                                  • Part of subcall function 00274D90: std::_Lockit::~_Lockit.LIBCPMT ref: 00274DE9
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 002749AB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 593203224-0

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,?,00000000,00294B08,002AEBC0), ref: 00294C65
                                                                                                                                                                                                                                • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00294B08,002AEBC0), ref: 00294C77
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileHandleType
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3000768030-0

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Yarn
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1767336200-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32 ref: 00271BC8
                                                                                                                                                                                                                                • GetModuleFileNameA.KERNEL32 ref: 00271BE8
                                                                                                                                                                                                                                  • Part of subcall function 00271890: CreateFileA.KERNELBASE ref: 00271913
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileModule$CreateHandleName
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2828212432-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,?,00297421,?,00000000,?,?,002970C1,?,00000007,?,?,00297A07,?,?), ref: 0029319D
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00297421,?,00000000,?,?,002970C1,?,00000007,?,?,00297A07,?,?), ref: 002931A8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 485612231-0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3988221542-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,?,?,002822A9,?,?,00273E32,00001000,?,00273D7A), ref: 002931F3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 002808F1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 118556049-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 0027BDD1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 118556049-0
                                                                                                                                                                                                                                • Opcode ID: a30ae68e049c7e956b783bb4e37629f1f29edf683a27e5578c88f21e457d13c9
                                                                                                                                                                                                                                • Instruction ID: 860bb95f1dca68847cc2cb490fe5eab3142f12df0b1470efa36b521268856807
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a30ae68e049c7e956b783bb4e37629f1f29edf683a27e5578c88f21e457d13c9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4E04634C20208EBCB18EFA4D14569CBBB4AF85304F1080AAE84967351DB31AE24CF85
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __floor_pentium4
                                                                                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                • Opcode ID: 715a1a311ed2092495fa056d079ed95b40e09c36b1d13514e6d7bc7d7441404a
                                                                                                                                                                                                                                • Instruction ID: 19f9f87d6ad12835c04d4a98771ceed924bc75af36ce59f9aede858b2a7040bb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 715a1a311ed2092495fa056d079ed95b40e09c36b1d13514e6d7bc7d7441404a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BED23C71E282298FDFA4CE28DD407EAB7B5EB45305F1441EAD40DE7240EB78AE958F41
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,00298515,00000002,00000000,?,?,?,00298515,?,00000000), ref: 00298BDD
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,00298515,00000002,00000000,?,?,?,00298515,?,00000000), ref: 00298C06
                                                                                                                                                                                                                                • GetACP.KERNEL32(?,?,00298515,?,00000000), ref: 00298C1B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                                                                                • String ID: ACP$OCP
                                                                                                                                                                                                                                • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                • Opcode ID: 212cbc60c22dadcdbdfaae786f577edf91656651324e2b63e600f6959a791be3
                                                                                                                                                                                                                                • Instruction ID: f337408064baec3998a88cbcbc7d4dbb2fd72ed00913f0cd6654a198d0ffaf3b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 212cbc60c22dadcdbdfaae786f577edf91656651324e2b63e600f6959a791be3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D521F8B2730102ABDF349F58C911A9773A6EF56F68B5E8425E90AD7100EF32DD51D360
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00293413: GetLastError.KERNEL32(00000000,?,00295749), ref: 00293417
                                                                                                                                                                                                                                  • Part of subcall function 00293413: SetLastError.KERNEL32(00000000,?,?,00000028,0028F7C9), ref: 002934B9
                                                                                                                                                                                                                                • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 002984E7
                                                                                                                                                                                                                                • IsValidCodePage.KERNEL32(00000000), ref: 00298525
                                                                                                                                                                                                                                • IsValidLocale.KERNEL32(?,00000001), ref: 00298538
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00298580
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0029859B
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 415426439-0
                                                                                                                                                                                                                                • Opcode ID: 5f26a4738c8e875a94118e63387ba875c7ad1872293b94a2ec56edb61e72546f
                                                                                                                                                                                                                                • Instruction ID: b72063bd5f2ea41ab13bb4fff910f4dacf2edfa9d2c1b44e7eb925621c2d649a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f26a4738c8e875a94118e63387ba875c7ad1872293b94a2ec56edb61e72546f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3515E71A2020AABDF10DFA4DC45ABE77B8BF16700F094469E915E7190EFB4DA24CB61
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: e210328f8d4f359fac80214519e11883391db29b0651a67b32ed7d6b3dc8e133
                                                                                                                                                                                                                                • Instruction ID: a8a2d8a5215dbdb6cd05a655f7959b57a728880f689d9fa5147eeb004bf55d12
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e210328f8d4f359fac80214519e11883391db29b0651a67b32ed7d6b3dc8e133
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E024D71E1121A9FDF14CFA9C8806AEBBF5FF48314F258269D919E7380D731A961CB90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00299216
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00286534
                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 00286600
                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00286619
                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00286623
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 254469556-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00287122
                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00287131
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 0028713A
                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00287147
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00293413: GetLastError.KERNEL32(00000000,?,00295749), ref: 00293417
                                                                                                                                                                                                                                  • Part of subcall function 00293413: SetLastError.KERNEL32(00000000,?,?,00000028,0028F7C9), ref: 002934B9
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0029871F
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00298769
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0029882F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 661929714-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0028F3A8
                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0028F3B2
                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0028F3BF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,0028E2A3,?,20001004,00000000,00000002,?,?,0028D1B5), ref: 00293EE0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 2299586839-307937090
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0029CCF2,?,?,00000008,?,?,002A318B,00000000), ref: 0029CFC4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 002861AA
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2325560087-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00294497: HeapAlloc.KERNEL32(00000008,00001000,?,?,002935B1,00000001,00000364,?,00000005,000000FF,?,?,0028EB69,00293204), ref: 002944D8
                                                                                                                                                                                                                                • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00299216
                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 0029930A
                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00299349
                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 0029937C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Find$CloseFile$AllocFirstHeapNext
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2701053895-0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
APIs
  • Part of subcall function 00293413: GetLastError.KERNEL32(00000000,?,00295749), ref: 00293417
  • Part of subcall function 00293413: SetLastError.KERNEL32(00000000,?,?,00000028,0028F7C9), ref: 002934B9
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 002989D1
Memory Dump Source
• Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
Similarity
• API ID: ErrorLast$InfoLocale
• String ID:
• API String ID: 3736152602-0
Strings
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
APIs
  • Part of subcall function 00293413: GetLastError.KERNEL32(00000000,?,00295749), ref: 00293417
  • Part of subcall function 00293413: SetLastError.KERNEL32(00000000,?,?,00000028,0028F7C9), ref: 002934B9
• EnumSystemLocalesW.KERNEL32(002986CB,00000001,00000000,?,-00000050,?,002984BB,00000000,-00000002,00000000,?,00000055,?), ref: 002986A2
Similarity
• API ID: ErrorLast$EnumLocalesSystem
• String ID:
• API String ID: 2417226690-0
APIs
  • Part of subcall function 00293413: GetLastError.KERNEL32(00000000,?,00295749), ref: 00293417
  • Part of subcall function 00293413: SetLastError.KERNEL32(00000000,?,?,00000028,0028F7C9), ref: 002934B9
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00298AF1
Similarity
• API ID: ErrorLast$InfoLocale
• String ID:
• API String ID: 3736152602-0
APIs
  • Part of subcall function 00293413: GetLastError.KERNEL32(00000000,?,00295749), ref: 00293417
  • Part of subcall function 00293413: SetLastError.KERNEL32(00000000,?,?,00000028,0028F7C9), ref: 002934B9
• GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,002988E7,00000000,00000000,?), ref: 00298C76
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3736152602-0
                                                                                                                                                                                                                                • Opcode ID: 936278d8bc90d051a056f87841c2ad42cfc6da55ac64883abeb5e626714c1e47
                                                                                                                                                                                                                                • Instruction ID: 26130a0f8773b466ae9c78513cfcb2ac5171d0f97e9da3d652045ca54189e234
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 936278d8bc90d051a056f87841c2ad42cfc6da55ac64883abeb5e626714c1e47
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F001D632A20513BBDF2C9B24C8067BA3768DB41754F19443EAC46A3180EE74EE51CAA0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00293413: GetLastError.KERNEL32(00000000,?,00295749), ref: 00293417
                                                                                                                                                                                                                                  • Part of subcall function 00293413: SetLastError.KERNEL32(00000000,?,?,00000028,0028F7C9), ref: 002934B9
                                                                                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(0029897D,00000001,?,?,-00000050,?,00298483,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 00298968
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2417226690-0
                                                                                                                                                                                                                                • Opcode ID: be0a48a6b6109880477ea76993cef29aae099ad02537338342e9c74ea40432be
                                                                                                                                                                                                                                • Instruction ID: 052a68f3f40b0b1c1f7c8a31783e0099d367b7cef6d6415c933f30882e7b7c98
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be0a48a6b6109880477ea76993cef29aae099ad02537338342e9c74ea40432be
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6CF0F6362103055FEF285F359C81A7A7B91EF823A8B19442DF9465B790DAB29C52CB50
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 0028F547: EnterCriticalSection.KERNEL32(?,?,0028CD41,00000000,002AE728,0000000C,0028CCFA,00001000,?,002944CA,00001000,?,002935B1,00000001,00000364,?), ref: 0028F556
                                                                                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(0029439A,00000001,002AEBA0,0000000C,00293DA8,-00000050), ref: 002943DF
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1272433827-0
                                                                                                                                                                                                                                • Opcode ID: 11c8f8d37ed415c0b23cd38e6bfc29f0dee88037898cf19b21a07ab8146f8f6a
                                                                                                                                                                                                                                • Instruction ID: 655fb3e55f5cfeb57a90c10dcfe483be1e91d6277d5aa94d9962f9d1140ee623
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 11c8f8d37ed415c0b23cd38e6bfc29f0dee88037898cf19b21a07ab8146f8f6a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56F03776A21200DFDB04EF98E84AB9D77B0FB09725F10426AE811DB2E1DB795951CF50
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00293413: GetLastError.KERNEL32(00000000,?,00295749), ref: 00293417
                                                                                                                                                                                                                                  • Part of subcall function 00293413: SetLastError.KERNEL32(00000000,?,?,00000028,0028F7C9), ref: 002934B9
                                                                                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(00298A9D,00000001,?,?,?,002984DD,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 00298A89
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2417226690-0
                                                                                                                                                                                                                                • Opcode ID: 87bf9def9e32238f2545c1d7acfc1e4b9999c89f9eb8c63b1aeabe677e65a968
                                                                                                                                                                                                                                • Instruction ID: 04cdd8883225eabcf95123e0c4476a1dce6d0b02fa8977e871f986572788876f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87bf9def9e32238f2545c1d7acfc1e4b9999c89f9eb8c63b1aeabe677e65a968
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07F0E5363102065BCF149F76E84966A7F94EFC2764B0A405AEA068B650CA769992CB90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_0001663D), ref: 00286521
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                                • Opcode ID: d40e18f91cdd28c7fbd04a136155d73de3039310713fe76741cc154bc2cac263
                                                                                                                                                                                                                                • Instruction ID: ddf371bbbd6def2529dea4a10d31375f73ca83a1eaac3faf86d0d8657b0331c8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d40e18f91cdd28c7fbd04a136155d73de3039310713fe76741cc154bc2cac263
                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: HeapProcess
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 54951025-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00287977
                                                                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 0028797F
                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00287A08
                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00287A33
                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00287A88
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                • String ID: csm$&(
                                                                                                                                                                                                                                • API String ID: 1170836740-2222876811
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCPInfo.KERNEL32(01414CE0,01414CE0,00000000,7FFFFFFF,?,002A1F0D,01414CE0,01414CE0,00000000,01414CE0,?,?,?,?,01414CE0,00000000), ref: 002A1FC8
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 002A2083
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 002A2112
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A215D
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A2163
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A2199
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A219F
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A21AF
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 127012223-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 00286AB0
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00286ADC
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 00286B1B
                                                                                                                                                                                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00286B38
                                                                                                                                                                                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00286B77
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00286B94
                                                                                                                                                                                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00286BD6
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00286BF9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2040435927-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _strrchr
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3213747228-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • type_info::operator==.LIBVCRUNTIME ref: 00292945
                                                                                                                                                                                                                                • CallUnexpected.LIBVCRUNTIME ref: 00292BBE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CallUnexpectedtype_info::operator==
                                                                                                                                                                                                                                • String ID: T*$csm$csm$csm
                                                                                                                                                                                                                                • API String ID: 2673424686-3689735377
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00285C93
                                                                                                                                                                                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,?,00285C5C,?,00000000,?,0027B93C,?,?,0027D94E), ref: 00285CB2
                                                                                                                                                                                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00285C5C,?,00000000,?,0027B93C,?,?,0027D94E), ref: 00285CE0
                                                                                                                                                                                                                                • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00285C5C,?,00000000,?,0027B93C,?,?,0027D94E), ref: 00285D3B
                                                                                                                                                                                                                                • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00285C5C,?,00000000,?,0027B93C,?,?,0027D94E), ref: 00285D52
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                                • String ID: \\(
                                                                                                                                                                                                                                • API String ID: 66001078-3109860452
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0028295D
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00282968
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 002829D6
                                                                                                                                                                                                                                  • Part of subcall function 0028285F: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00282877
                                                                                                                                                                                                                                • std::locale::_Setgloballocale.LIBCPMT ref: 00282983
                                                                                                                                                                                                                                • _Yarn.LIBCPMT ref: 00282999
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 1088826258-307937090
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,EEE1F32E,?,?,00000000,002A3374,000000FF,?,0028CAFD,0028C9E4,?,0028CB99,00000000), ref: 0028CA71
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0028CA83
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000,002A3374,000000FF,?,0028CAFD,0028C9E4,?,0028CB99,00000000), ref: 0028CAA5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll$&(
                                                                                                                                                                                                                                • API String ID: 4061214504-1743061208
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00286CC1
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00286CCF
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00286CE0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                                • API String ID: 667068680-1047828073
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00291FA5,00287361,00286681), ref: 00291FBC
                                                                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00291FCA
                                                                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00291FE3
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00291FA5,00287361,00286681), ref: 00292035
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AdjustPointer
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 1740715915-307937090
                                                                                                                                                                                                                                • Opcode ID: 5ec83958b60c8fda7b71708e548b2f56b650e5b6a02c6b7d2b467512c1135ee0
                                                                                                                                                                                                                                • Instruction ID: 64b1f013728bc4df690e28a0ee1764f9a41e5620ec100586149657a1b9662fb7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ec83958b60c8fda7b71708e548b2f56b650e5b6a02c6b7d2b467512c1135ee0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE51CF76A21202FFDF289F54D841BAA73A8FF44710F254529E805876A1E771E868CB90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 002843A0
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 002843AA
                                                                                                                                                                                                                                  • Part of subcall function 00274D90: std::_Lockit::_Lockit.LIBCPMT ref: 00274DBE
                                                                                                                                                                                                                                  • Part of subcall function 00274D90: std::_Lockit::~_Lockit.LIBCPMT ref: 00274DE9
                                                                                                                                                                                                                                • codecvt.LIBCPMT ref: 002843E4
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0028441B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 3716348337-307937090
                                                                                                                                                                                                                                • Opcode ID: ff668c8d27d25a6fa76a22631800b415906697e6390b40e945ae06125a8e971c
                                                                                                                                                                                                                                • Instruction ID: 2675687f0864e560a21a7d34dc4627a9dea201bc904cfdc29025c9826569a536
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff668c8d27d25a6fa76a22631800b415906697e6390b40e945ae06125a8e971c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7701D23992112ADBCB05FB64E819AAEB775FF84320F248508F4146B2D1DF709E248F91
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00294952
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00294A1B
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00294A82
                                                                                                                                                                                                                                  • Part of subcall function 002931C1: RtlAllocateHeap.NTDLL(00000000,?,?,?,002822A9,?,?,00273E32,00001000,?,00273D7A), ref: 002931F3
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00294A95
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00294AA2
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1423051803-0
                                                                                                                                                                                                                                • Opcode ID: a39989465e0d10ba7317740ee38bd9f53828f7f5edf87dedf495297c23df9ddc
                                                                                                                                                                                                                                • Instruction ID: 8285fe2517f504c861862d66e1c4217f8cebb1c1424ba8db321c326c197b736f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a39989465e0d10ba7317740ee38bd9f53828f7f5edf87dedf495297c23df9ddc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8751B172660207AFEF24BF60CC95EBB7BAAEF84710F154529FD04D6150EA70DD328A64
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 0029272D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                • String ID: csm$csm$&(
                                                                                                                                                                                                                                • API String ID: 3493665558-2125113848
                                                                                                                                                                                                                                • Opcode ID: c46b362ab6c9a24f0868a85e99b0c1bd966032c8517612e12ba1bfb50f102f86
                                                                                                                                                                                                                                • Instruction ID: ec3a06f6c7f4cb7fd7b4ccc333dda4e7b3b2468a89d2a38c5c95fe1d948ba7a1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c46b362ab6c9a24f0868a85e99b0c1bd966032c8517612e12ba1bfb50f102f86
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E431073642021AFBCF228F90DC409AABB6AFF08714B188559FC4419122C332CC75DFE1
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 002855F1
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 002855FB
                                                                                                                                                                                                                                  • Part of subcall function 00274D90: std::_Lockit::_Lockit.LIBCPMT ref: 00274DBE
                                                                                                                                                                                                                                  • Part of subcall function 00274D90: std::_Lockit::~_Lockit.LIBCPMT ref: 00274DE9
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0028566C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 1383202999-307937090
                                                                                                                                                                                                                                • Opcode ID: 910882ac5d7c0c45b36847709e394d74cc3a4d1da8b54884054021041932b60c
                                                                                                                                                                                                                                • Instruction ID: 3e7495447f6e8f7f36f44e3b1e355ae86d57a55864b88a5631804703c789e5b2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 910882ac5d7c0c45b36847709e394d74cc3a4d1da8b54884054021041932b60c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4211E139821125DBDB06FF64E819ABDBBA9FF80320F640508E4156B2D1DF709E24CB80
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0029DDCD,00000000,?,002B21B8,?,?,?,0029DD04,00000004,InitializeCriticalSectionEx,002A808C,002A8094), ref: 0029DD3E
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,0029DDCD,00000000,?,002B21B8,?,?,?,0029DD04,00000004,InitializeCriticalSectionEx,002A808C,002A8094,00000000,?,00292E6C), ref: 0029DD48
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0029DD70
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                • Opcode ID: f77b87649863ba76f66efccf8f41af2b80e7bb88cfe041e84cba38d25588ac79
                                                                                                                                                                                                                                • Instruction ID: 061849d3d6d365651fe9daa9e2265f2499e5b1e7d07d92973d78d5076d9af598
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f77b87649863ba76f66efccf8f41af2b80e7bb88cfe041e84cba38d25588ac79
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52E04FB12D0606BBEF101F71EC0AB293B58AF11B41F144470F90EA84E1EF62E934ED54
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetConsoleOutputCP.KERNEL32(EEE1F32E,00000000,00000000,?), ref: 0029B13A
                                                                                                                                                                                                                                  • Part of subcall function 002932D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00294A78,?,00000000,-00000008), ref: 00293332
                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0029B38C
                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0029B3D2
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0029B475
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2112829910-0
                                                                                                                                                                                                                                • Opcode ID: 3a65b338b5fded6873f8c2fe54cdf887eaf3277b9f8030a617c4078bb8b46726
                                                                                                                                                                                                                                • Instruction ID: 3ddc618880e8796598038b2b4d50fa79d0ca7545d897e0ed468d7de693e5582d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a65b338b5fded6873f8c2fe54cdf887eaf3277b9f8030a617c4078bb8b46726
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4D18BB5D10248DFCF05CFA8E994AADBBB4FF09304F18456AE856EB252D730A911CF50
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 002932D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00294A78,?,00000000,-00000008), ref: 00293332
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00298F67
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00298F6E
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00298FA8
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00298FAF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1913693674-0
                                                                                                                                                                                                                                • Opcode ID: fe01f00f5fd8f8051ec6098c1b8fcb4b3fa40072d3df099a8670bb4276acde4d
                                                                                                                                                                                                                                • Instruction ID: 0da3e4bc714f8d9a5db7bc7b3f64f4401d1afd6885404cfba14fd67af22ad6fe
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fe01f00f5fd8f8051ec6098c1b8fcb4b3fa40072d3df099a8670bb4276acde4d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5021D771624216AFDF10BF71C88082BB7AEFF063647588519F92997990DF30ED208F90
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 17693594a1eef7f1e38f5d66e6eec3c1cdc138c723c7e67cdf256801c2cd3b3d
                                                                                                                                                                                                                                • Instruction ID: 062694a5592e370d81d76199cdff187969ccbf2d279bfb1bc9d9b85f295222a3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17693594a1eef7f1e38f5d66e6eec3c1cdc138c723c7e67cdf256801c2cd3b3d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB219279222216AFDB10BF658841D7A77ADFF41364B194528F816976D1EB30ECA08F90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32 ref: 0029A301
                                                                                                                                                                                                                                  • Part of subcall function 002932D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00294A78,?,00000000,-00000008), ref: 00293332
                                                                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0029A339
                                                                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0029A359
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 158306478-0
                                                                                                                                                                                                                                • Opcode ID: 5e4e843797df8358017427ad1124552805613e4cf3ac2d8582da36af1c9e3b60
                                                                                                                                                                                                                                • Instruction ID: b27289f44f0d698a813a6a6a6560f165ea80ba38832b38e4ad6723a62598e22d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e4e843797df8358017427ad1124552805613e4cf3ac2d8582da36af1c9e3b60
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1511C4E1921316BFAF117B75AC8DC6F2A9CEE853943110064F80AD1110FE649E2185B6
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,002A16CF,00000000,00000001,?,?,?,0029B4C9,?,00000000,00000000), ref: 002A21F7
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,002A16CF,00000000,00000001,?,?,?,0029B4C9,?,00000000,00000000,?,?,?,0029AE0F,?), ref: 002A2203
                                                                                                                                                                                                                                  • Part of subcall function 002A2254: CloseHandle.KERNEL32(FFFFFFFE,002A2213,?,002A16CF,00000000,00000001,?,?,?,0029B4C9,?,00000000,00000000,?,?), ref: 002A2264
                                                                                                                                                                                                                                • ___initconout.LIBCMT ref: 002A2213
                                                                                                                                                                                                                                  • Part of subcall function 002A2235: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,002A21D1,002A16BC,?,?,0029B4C9,?,00000000,00000000,?), ref: 002A2248
                                                                                                                                                                                                                                • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,002A16CF,00000000,00000001,?,?,?,0029B4C9,?,00000000,00000000,?), ref: 002A2228
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2744216297-0
                                                                                                                                                                                                                                • Opcode ID: e56edb8a7a97b66011838bc322e0a30b86fca594cf229d38a3e61853e9de13c1
                                                                                                                                                                                                                                • Instruction ID: 8e49e0623b5c6f2f06b1b95e6870e03f1ed6933b9b1c027c2857f6588aa71ff8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e56edb8a7a97b66011838bc322e0a30b86fca594cf229d38a3e61853e9de13c1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EEF01C36010126BBCF222FA5EC1CA9A7F26FB0A3A1B054150FE1985520CF32C930AB90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00293413: GetLastError.KERNEL32(00000000,?,00295749), ref: 00293417
                                                                                                                                                                                                                                  • Part of subcall function 00293413: SetLastError.KERNEL32(00000000,?,?,00000028,0028F7C9), ref: 002934B9
                                                                                                                                                                                                                                • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,0028D04D,?,?,?,00000055,?,-00000050,?,?,?), ref: 00297BA2
                                                                                                                                                                                                                                • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,0028D04D,?,?,?,00000055,?,-00000050,?,?), ref: 00297BD9
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                • String ID: utf8
                                                                                                                                                                                                                                • API String ID: 943130320-905460609
                                                                                                                                                                                                                                • Opcode ID: f680baa870391e1c3f2273917e401d734f1d23a44205575f4f366e1c899d2bbd
                                                                                                                                                                                                                                • Instruction ID: a76e59fa6762206aa1545e68399cc88eafd817a7a3c601778a975a40b1b6538b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f680baa870391e1c3f2273917e401d734f1d23a44205575f4f366e1c899d2bbd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6151F871638306AADF25AF74CC42FA673A8EF45704F15046AFA05DB181FBB0D960CB65
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00292B4B,?,?,00000000,00000000,00000000,?), ref: 00292C6F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EncodePointer
                                                                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                                                                • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                • Opcode ID: 30497f57cb9072e1019d315b93f566f03ada67345be4e54c452c12e146b0c845
                                                                                                                                                                                                                                • Instruction ID: b0931386ece7745709f287c2a7806ab3dbc06031ac6971d99f7b6f59242c7b9b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30497f57cb9072e1019d315b93f566f03ada67345be4e54c452c12e146b0c845
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B41677290020AFFCF25DF98CD81AEEBBB5FF48304F198099F904A6265D3359964DB61
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00283114
                                                                                                                                                                                                                                • RaiseException.KERNEL32(?,?,?,?), ref: 00283139
                                                                                                                                                                                                                                  • Part of subcall function 00287223: RaiseException.KERNEL32(E06D7363,00000001,00000003,00285F93,?,?,?,?,00285F93,00001000,002AE1AC,00001000), ref: 00287284
                                                                                                                                                                                                                                  • Part of subcall function 0028F7B9: IsProcessorFeaturePresent.KERNEL32(00000017,0028A37B,?,?,?,?,00000000), ref: 0028F7D5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131103281.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131431310.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131601994.00000000002AF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131621603.00000000002B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131698314.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131711981.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.2131738880.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                • Opcode ID: 73dcb464449e1ed5e59327f8c1632d98f2d1cc44432495d833b22259409c4fc2
                                                                                                                                                                                                                                • Instruction ID: dacc2dcdb28fac2274aaba895b16458c8f23ad44b50cf3bc95864e91806998e6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73dcb464449e1ed5e59327f8c1632d98f2d1cc44432495d833b22259409c4fc2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5321AF3AD12219DBCF24EF95D9499AEB7B9EF04F10F140409E419AB6D0CB30AE64CF91
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0028288E
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 002828EA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 593203224-307937090
                                                                                                                                                                                                                                • Opcode ID: 604690c0580e47a1de4140a06a7fcc846d74c740d800155aaefb7556859b4dde
                                                                                                                                                                                                                                • Instruction ID: 7d33a9e0953059bbbc661dc6b31b55fc3771d082f77a98110b688bdd68cbf3a5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 604690c0580e47a1de4140a06a7fcc846d74c740d800155aaefb7556859b4dde
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 95018039A10119EFCF01EF14D895E9977B8EF84710B140099E4019B2A0DF70FD49CB60
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 002751C2
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0027520C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::_$Locinfo::_Locinfo_dtorLockitLockit::~_
                                                                                                                                                                                                                                • String ID: <O'
                                                                                                                                                                                                                                • API String ID: 3286764726-14361415
                                                                                                                                                                                                                                • Opcode ID: ff2c69196ce1864e9ada42a47a0e228b79ffdf9dd25cad2aeb9fb52937600be8
                                                                                                                                                                                                                                • Instruction ID: a5a2f7895338e2ff1b1cb471010c704baa189e61bc1a3b0bc429d693c65cf235
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff2c69196ce1864e9ada42a47a0e228b79ffdf9dd25cad2aeb9fb52937600be8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FF0BD30910258ABCB09FBFCC5E176DBB76EF41318F484068D50A67343EA309AA0CF55
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemTimePreciseAsFileTime.KERNEL32(?,?,00285D09,\\(,?,?,?,?,00285C5C,?,00000000,?,0027B93C,?,?,0027D94E), ref: 00286D27
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,EEE1F32E,?,?,002A3357,000000FF,?,002869F4,?,?,?,?,00286A18,00000000,?), ref: 00286D2B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Time$FileSystem$Precise
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 743729956-307937090
                                                                                                                                                                                                                                • Opcode ID: b14c50d4639b5bb8e82650bf16d87a8269888d4f18f0dd49f072208eb3e06988
                                                                                                                                                                                                                                • Instruction ID: b164c449c707dad7bc14954eae46524ee1d35af1cbf7b117c860832db5241eb2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b14c50d4639b5bb8e82650bf16d87a8269888d4f18f0dd49f072208eb3e06988
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8F03076A55554AFCB019F44ED49F5DBBA8F709B14F044626E81293790DF74A9008B90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 00293F67
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                                                                                                                • String ID: InitializeCriticalSectionEx$&(
                                                                                                                                                                                                                                • API String ID: 2593887523-3881785404
                                                                                                                                                                                                                                • Opcode ID: a35024dc3392a78bf7cbfd7cb4cba69f20cb2b2560eaff2b26be24604fde351b
                                                                                                                                                                                                                                • Instruction ID: f0c36f7b5d787d67480aa9572afd736ff5c338521a208aa9d873b09b27f2fe57
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a35024dc3392a78bf7cbfd7cb4cba69f20cb2b2560eaff2b26be24604fde351b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5CE09A329A4218B7CF216F50EC09DAE3F25EB42B60B004020FD19166A1CBB28A30EA84
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.2131140542.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Alloc
                                                                                                                                                                                                                                • String ID: FlsAlloc$&(
                                                                                                                                                                                                                                • API String ID: 2773662609-851922512

                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                Execution Coverage:1.2%
                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                Signature Coverage:20.8%
                                                                                                                                                                                                                                Total number of Nodes:72
                                                                                                                                                                                                                                Total number of Limit Nodes:6

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 82 4084b0-4084c1 call 439c70 85 4084c7-4084ce call 4331c0 82->85 86 40876f-408771 ExitProcess 82->86 89 4084d4-4084f5 GetCurrentProcessId GetCurrentThreadId 85->89 90 40876a call 43a070 85->90 92 4084f7-4084fa 89->92 93 4084fc-408504 89->93 90->86 94 408507-408512 92->94 93->94 95 408514 94->95 96 408516-40852c 94->96 95->96 97 408530-40853b 96->97 98 40852e 96->98 99 40853d 97->99 100 40853f-40854d 97->100 98->97 99->100 101 408551-408561 100->101 102 40854f 100->102 103 408563 101->103 104 408565-4086b5 SHGetSpecialFolderPathW GetForegroundWindow 101->104 102->101 103->104 105 408746-408754 call 409a20 104->105 106 4086bb-4086dc 104->106 110 408759-40875e 105->110 107 4086e2-408744 106->107 108 4086de-4086e0 106->108 107->105 108->107 110->90 111 408760-408765 call 40c740 call 40b590 110->111 111->90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 004084D4
                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004084DE
                                                                                                                                                                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00408698
                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 004086AD
                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00408771
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4063528623-0

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 179 43a0f0-43a122 LdrInitializeThunk
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LdrInitializeThunk.NTDLL(0043C30B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A11E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 151 43a249-43a253 152 43a260-43a293 151->152 152->152 153 43a295-43a33d GetForegroundWindow call 43c120 152->153 156 43a342-43a374 153->156
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 0043A334
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ForegroundWindow
                                                                                                                                                                                                                                • String ID: eXYZ
                                                                                                                                                                                                                                • API String ID: 2020703349-2949970386

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                control_flow_graph 157 4346cc-43471a call 414030 * 2 call 43bbf0 GetUserDefaultUILanguage 164 43471c-43471f 157->164 165 434761-43478c 164->165 166 434721-43475f 164->166 166->164
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetUserDefaultUILanguage.KERNELBASE ref: 004346F9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DefaultLanguageUser
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 95929093-0

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 167 43a090-43a0a1 168 43a0b6-43a0c8 call 43b7b0 RtlReAllocateHeap 167->168 169 43a0d5-43a0d6 call 4387d0 167->169 170 43a0ca-43a0cb call 4387b0 167->170 171 43a0a8-43a0af 167->171 178 43a0e0-43a0e2 168->178 177 43a0db-43a0de 169->177 176 43a0d0-43a0d3 170->176 171->168 171->169 176->178 177->178
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B52B,00000000,00000000), ref: 0043A0C2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279760036-0

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 180 4387d0-4387dc 181 4387e3-4387ee call 43b7b0 RtlFreeHeap 180->181 182 4387f4-4387f5 180->182 181->182
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(?,00000000,?,0043A0DB,?,0040B52B,00000000,00000000), ref: 004387EE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3298025750-0

                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                control_flow_graph 185 4387b0-4387c7 call 43b7b0 RtlAllocateHeap
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000,?,?,0043A0D0), ref: 004387C0
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 00435C1F
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(C41CC213), ref: 00435C98
                                                                                                                                                                                                                                • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00435CD5
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(99299721), ref: 00435D35
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(C98DC775), ref: 00435DE6
                                                                                                                                                                                                                                • VariantInit.OLEAUT32(DMNO), ref: 00435E52
                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00435FD5
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00435FFA
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00436000
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00436010
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
                                                                                                                                                                                                                                • String ID: 7($DMNO$R3^5$V7~9$`abc$s?@!$x%
                                                                                                                                                                                                                                • API String ID: 2485776651-1090096584
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                                • String ID: P$a$b$c$m$p$r$s$v$v$}
                                                                                                                                                                                                                                • API String ID: 1006321803-2105936040
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: t+v$+E)G$0mWo$2.B$4A.C$=U:W$=Y)[$>y<{$?Q4S$Au5w$B0B$CqEs$MO$N)C+$O-K/$T!~#$b3e5$f7l9$k%@'$s=K?$t#s%$x;n=$_A
                                                                                                                                                                                                                                • API String ID: 0-113034906
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: t+v$+E)G$0mWo$2.B$4A.C$=U:W$=Y)[$>y<{$?Q4S$Au5w$B0B$CqEs$MO$N)C+$O-K/$T!~#$b3e5$f7l9$k%@'$s=K?$t#s%$x;n=$_A
                                                                                                                                                                                                                                • API String ID: 0-113034906
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ,-$34$625}$E%R'$G>A0$JY$P!f#$R\$^E$j{bO
                                                                                                                                                                                                                                • API String ID: 0-2882005250
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: "F"X$%J8L$)V#h$0R&T$3B"D$5Z?\$8^9P$9N0@$C$Kp$LKJI$tu
                                                                                                                                                                                                                                • API String ID: 0-3248936872
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: 07:$3(0+$?(8.$LKJI$S$|bB
                                                                                                                                                                                                                                • API String ID: 0-345372933
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: =WQQ$@[AD$M[XD$WLR+$WN$b$jUUX$jUUX$sumk
                                                                                                                                                                                                                                • API String ID: 0-1302826949
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID: * */$*`hd$FJXR$LKJI$\YKK$e$oklm
                                                                                                                                                                                                                                • API String ID: 2994545307-3845787765
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID: /$LKJI$LKJI$LKJI$LKJI$R_A$dLKJI
                                                                                                                                                                                                                                • API String ID: 2994545307-4222832501
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: )G+I$+K M$VW$j/1Q$n#K%$no$~rB!
                                                                                                                                                                                                                                • API String ID: 0-2007519135
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID: *G$I$JK$LKJI$LKJI$LKJI$lC E
                                                                                                                                                                                                                                • API String ID: 2994545307-1846479541
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,2000000B,00298515,00000002,00000000,?,?,?,00298515,?,00000000), ref: 00298BDD
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,20001004,00298515,00000002,00000000,?,?,?,00298515,?,00000000), ref: 00298C06
                                                                                                                                                                                                                                • GetACP.KERNEL32(?,?,00298515,?,00000000), ref: 00298C1B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                                                                                • String ID: ACP$OCP
                                                                                                                                                                                                                                • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Uninitialize
                                                                                                                                                                                                                                • String ID: 4$9n`$RT$Z&\
                                                                                                                                                                                                                                • API String ID: 3861434553-3901044890
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: Vi$ptzu$uxHp$wuAw${=%{$~L@E
                                                                                                                                                                                                                                • API String ID: 0-2292347137
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00293413: GetLastError.KERNEL32(00000000,?,00295749), ref: 00293417
                                                                                                                                                                                                                                  • Part of subcall function 00293413: SetLastError.KERNEL32(00000000,?,?,00000028,0028F7C9), ref: 002934B9
                                                                                                                                                                                                                                • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 002984E7
                                                                                                                                                                                                                                • IsValidCodePage.KERNEL32(00000000), ref: 00298525
                                                                                                                                                                                                                                • IsValidLocale.KERNEL32(?,00000001), ref: 00298538
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00298580
                                                                                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0029859B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 415426439-0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: f$'b$Rk$We$]i$jg
                                                                                                                                                                                                                                • API String ID: 0-1906351454
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: "mB$7lB$LKJI$PMh$dMh
                                                                                                                                                                                                                                • API String ID: 0-3788850282
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00299216
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00286534
                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 00286600
                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00286619
                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00286623
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 254469556-0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: >XV{$J$[${fby
                                                                                                                                                                                                                                • API String ID: 0-3606238112
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MetricsSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: '=>$16$V$nu
                                                                                                                                                                                                                                • API String ID: 0-1128639114
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: '=>$16$V$nu
                                                                                                                                                                                                                                • API String ID: 0-1128639114
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: %V$B$X$rg
                                                                                                                                                                                                                                • API String ID: 0-155536632
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: VW$W#W%$c'Z)$y+~-
                                                                                                                                                                                                                                • API String ID: 0-1970231293
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID: LKJI$LKJI$f
                                                                                                                                                                                                                                • API String ID: 2994545307-510723025
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: LKJI$LKJI$LKJI
                                                                                                                                                                                                                                • API String ID: 0-3388204962
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ,* ^$./$q#v%
                                                                                                                                                                                                                                • API String ID: 0-217856844
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: GI$MB
                                                                                                                                                                                                                                • API String ID: 0-2138107554
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID: :$*+,-
                                                                                                                                                                                                                                • API String ID: 2994545307-2599365846
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ./$q#v%
                                                                                                                                                                                                                                • API String ID: 0-465344239
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: LKJI
                                                                                                                                                                                                                                • API String ID: 0-2313094147
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: "
                                                                                                                                                                                                                                • API String ID: 0-123907689
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: LKJI
                                                                                                                                                                                                                                • API String ID: 0-2313094147
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: ~@
                                                                                                                                                                                                                                • API String ID: 0-592544116
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: LKJI
                                                                                                                                                                                                                                • API String ID: 0-2313094147
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: [i-.
                                                                                                                                                                                                                                • API String ID: 0-2259873840
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E41F37110C3518BC3258F29C8617FBB7E1FF96314F09095EE0CA8B2A1E738A945C79A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 8bea8b34c3601ec71cf7e7e3c3cab83bee2a75d3a066706297cac6bfb4f1da37
                                                                                                                                                                                                                                • Instruction ID: e17314e1a36663d4acd087866233ce99a1804479628af4783af25fedac060c52
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8bea8b34c3601ec71cf7e7e3c3cab83bee2a75d3a066706297cac6bfb4f1da37
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F4194327081254BCB248E2DCD9427AFBE29FC4344F1DC67AD885E73CAD578D8109795
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 9316e9ece2c943e4c82cea0025c605e6f346014c8a9fc822e07a93790b55c311
                                                                                                                                                                                                                                • Instruction ID: 14bdade60f96ff41496dc78bb3bafa022d25a977d040a5a92fd08b3181fd0e8f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9316e9ece2c943e4c82cea0025c605e6f346014c8a9fc822e07a93790b55c311
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7941D0702083518BC325CF29C8617FBB7E1FF96314F09495EE4DA8B291E7389945C796
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 87e3165e2997142d61480b7bb05094776c02fbe09a8203cea96040d970833ea2
                                                                                                                                                                                                                                • Instruction ID: f0dbabc92a4ae7f01a32f66ee9c788ee121bada2e68f2bf533d4202cce98be74
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 87e3165e2997142d61480b7bb05094776c02fbe09a8203cea96040d970833ea2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF41037925C3419FC718DF64D8A056BB7F2EFD9304F089A2DE486D72A1E7349A09CB09
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: b5ca2fbae8caf2614bfe83edcb965a3bb390a6383f71e238d098fb68b76eda23
                                                                                                                                                                                                                                • Instruction ID: 44cf3ee7663fc799e4029a372c1de1e75a19d30bb02caea7fc7446081b0088c4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b5ca2fbae8caf2614bfe83edcb965a3bb390a6383f71e238d098fb68b76eda23
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0311B4796492658FC319DB15958043FB3E6EBEE320F19E8AED4C653340CA349D019B8A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 2054be62e1b2bc12c3fff64592cce63ca2948da34a6928336bc83961dac9bebe
                                                                                                                                                                                                                                • Instruction ID: ae513ad6a49088bbb96c5396ea99459f40a1690353d36697d578869cc017a1dc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2054be62e1b2bc12c3fff64592cce63ca2948da34a6928336bc83961dac9bebe
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA21D1741582A08BC319CF18948062FB7E1BBAE310F1999AED4C547384C7789802CB8A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                • Instruction ID: e57824437a303eef6780061e335d9e128a4dcfe0712056a75f2877e61598226f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E011EC336051D40EC7168D3C8400565BFA30AA7636F1D53DAF4B49B3D2D62A8E8B8359
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 2f1b13e67950e77c1286a3f8d35eca5668d78a2291598a558b749e9846222873
                                                                                                                                                                                                                                • Instruction ID: 622129cdb748f02f7282f5935d08b06e97be00d662a93bec444fdc5ece8e1920
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f1b13e67950e77c1286a3f8d35eca5668d78a2291598a558b749e9846222873
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16019EF1B0232157DA209E51E4C073FB2A96B91708F18443EE90467742EF79EC44929B
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 8e17b46b8b93681940eb964b697051b25580617ca7e158580fce7974d985bb66
                                                                                                                                                                                                                                • Instruction ID: a24826edc72f2f4629bbfccff47e10a7d0065a81bf7f544c2f8e5fe2d0d1c618
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e17b46b8b93681940eb964b697051b25580617ca7e158580fce7974d985bb66
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A7F02B3BB5D2150BF310DD6AECC496BB3A6EBC9348B1D8139E541E3381C578EC06C6A4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 2a28e092b65ff540d28a50155b7a14f39c29ff7934229107a3a12203bf757103
                                                                                                                                                                                                                                • Instruction ID: b2e84586432e67b8fa2da5a09318e3849165377821d5667bd25fb7fd24bd7212
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a28e092b65ff540d28a50155b7a14f39c29ff7934229107a3a12203bf757103
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9FF05924A892808BC30C9F3198A14BB7BB5EB87604F04412EE4C353345D6288815CB3A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 293cf65d0496148bedda2d5ee0e6efee0f8d1c1cce51e9cafa164afeb48d2f28
                                                                                                                                                                                                                                • Instruction ID: ddc68efcdb2ea3263f06ae98d0409680a57207d695ef39a555f7b1622b902cb4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 293cf65d0496148bedda2d5ee0e6efee0f8d1c1cce51e9cafa164afeb48d2f28
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65F06D38A501118BC7088F18CC622B7B3B2EF8B341B18A566DA42EB754E73C98559389
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 334d6e4c3943ef95b73ff6a5b66c52bb1a96d6ad7b51dcfe65c98a45960ad9f5
                                                                                                                                                                                                                                • Instruction ID: 916c9a9cfda63af83d54c0006b6bb9d6178873750755e61ca1286201313e3bc0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 334d6e4c3943ef95b73ff6a5b66c52bb1a96d6ad7b51dcfe65c98a45960ad9f5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68C04C7CA4C144CBC705EF18E851B31BBF4A72724AF15356CD196E73B2C621E4908B1D
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString
                                                                                                                                                                                                                                • String ID: 0$7$<$?$@$@$E$H$I$J$L$N$O$P$Q$R$T$V$V$V$X$Z$\$^$k$n$p$s$x${$|
                                                                                                                                                                                                                                • API String ID: 2525500382-1598773680
                                                                                                                                                                                                                                • Opcode ID: 0a3805404ad568e93663df096c96b6d3ef686ae9c62129eccf20fff1c7c0afc2
                                                                                                                                                                                                                                • Instruction ID: 6618eb783df73a6e16815380b29b85f21fd3527bc85451c945064fc5a612ebcb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a3805404ad568e93663df096c96b6d3ef686ae9c62129eccf20fff1c7c0afc2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6981B32110CBC28DE332873C885879BBED15BA7224F484B9DD1ED4B3E2C779454A8767
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: InitVariant
                                                                                                                                                                                                                                • String ID: ,$a$c$e$g$i$j$k
                                                                                                                                                                                                                                • API String ID: 1927566239-3852956744
                                                                                                                                                                                                                                • Opcode ID: 94d713cdb2be1cb83da6bc2559e41ac25cbff068c6add1c4ff436be612f5c9c7
                                                                                                                                                                                                                                • Instruction ID: 8cb713364bc397ac8cf0f60f6126e58c50e4789941f084a861f0acb87b49c478
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 94d713cdb2be1cb83da6bc2559e41ac25cbff068c6add1c4ff436be612f5c9c7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4241683150C7C18AD3158B28848838BBFD25BE6318F488A9DE5E51B3D2C775850A8BA7
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00287977
                                                                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 0028797F
                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00287A08
                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00287A33
                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00287A88
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                • String ID: csm$&(
                                                                                                                                                                                                                                • API String ID: 1170836740-2222876811
                                                                                                                                                                                                                                • Opcode ID: 17012955d6b110431ff82ebda2f71ce1b5839c460e668bc1ded96f84135b5c1a
                                                                                                                                                                                                                                • Instruction ID: 14b12a10379bc7bf71da3bee0a323b5fa02d854cfd6d911a91c342a49939bbfc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17012955d6b110431ff82ebda2f71ce1b5839c460e668bc1ded96f84135b5c1a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20411B389252199BCF10EF68C885A9EBBB5BF45310F248155E8155B3E2D731EE21CF90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCPInfo.KERNEL32(00000000,00000000,00000000,7FFFFFFF,?,002A1F0D,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 002A1FC8
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 002A2083
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 002A2112
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A215D
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A2163
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A2199
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A219F
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 002A21AF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 127012223-0
                                                                                                                                                                                                                                • Opcode ID: a2f8530135880ce5677060f0d2503f7908035c06e8e16f95dea49b2465979cdb
                                                                                                                                                                                                                                • Instruction ID: 24998e72046bd6b29d12768867222000f922f7abed00267ab1c6dac078d51a33
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a2f8530135880ce5677060f0d2503f7908035c06e8e16f95dea49b2465979cdb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D771F672920246DBDF24AF5C8C41BAF7BBA9F57310F254055EE08A7282DF758C28CB60
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 00286AB0
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00286ADC
                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 00286B1B
                                                                                                                                                                                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00286B38
                                                                                                                                                                                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00286B77
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00286B94
                                                                                                                                                                                                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00286BD6
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00286BF9
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2040435927-0
                                                                                                                                                                                                                                • Opcode ID: b3519a2a1b117964091e53bfdb2a7e5a97c30748bef63b5f971b53b3eb362813
                                                                                                                                                                                                                                • Instruction ID: 005431f8575fe0c72b362ada44667e48166a28296502d17186d27d8d2252e825
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3519a2a1b117964091e53bfdb2a7e5a97c30748bef63b5f971b53b3eb362813
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E251807652220BAFEB216F50CC4DFAB7BA9EF44758F144429F915E61D0DB74DC208BA0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _strrchr
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3213747228-0
                                                                                                                                                                                                                                • Opcode ID: c3ed0d376608a570b3b521b077c8efc077dfbec983f27d761b9b7f2e2db3b283
                                                                                                                                                                                                                                • Instruction ID: 82f8753ddc7e8e1ccd86c33360accef76e26b213b9d1a0b3535de479c825bad5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c3ed0d376608a570b3b521b077c8efc077dfbec983f27d761b9b7f2e2db3b283
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1DB15872E203969FDF118F64CC85BAE7BE5EF55710F1841A5E808AB382D7749921CBA0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • type_info::operator==.LIBVCRUNTIME ref: 00292945
                                                                                                                                                                                                                                • CallUnexpected.LIBVCRUNTIME ref: 00292BBE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CallUnexpectedtype_info::operator==
                                                                                                                                                                                                                                • String ID: T*$csm$csm$csm
                                                                                                                                                                                                                                • API String ID: 2673424686-3689735377
                                                                                                                                                                                                                                • Opcode ID: 0435bddf54c662ce9f9ff70543928f48f66fca298882ba71c9f65a6fff275ea9
                                                                                                                                                                                                                                • Instruction ID: 5056384701b357a4fcfed52aa24210281fdef0527d1f770365afc2e77a241a3c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0435bddf54c662ce9f9ff70543928f48f66fca298882ba71c9f65a6fff275ea9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85B1683282020AEFCF25DFA4D881AAEB7B5FF14314F14415AE8156B256D334DA79CFA1
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00285C93
                                                                                                                                                                                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,?,00285C5C,?,00000000,?,0027B93C,?,?,0027D94E), ref: 00285CB2
                                                                                                                                                                                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00285C5C,?,00000000,?,0027B93C,?,?,0027D94E), ref: 00285CE0
                                                                                                                                                                                                                                • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00285C5C,?,00000000,?,0027B93C,?,?,0027D94E), ref: 00285D3B
                                                                                                                                                                                                                                • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00285C5C,?,00000000,?,0027B93C,?,?,0027D94E), ref: 00285D52
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                                • String ID: \\(
                                                                                                                                                                                                                                • API String ID: 66001078-3109860452
                                                                                                                                                                                                                                • Opcode ID: 1d66649e96443251f75e01032f5af6d29aa0eb48dcc9de99349557c3d59a675a
                                                                                                                                                                                                                                • Instruction ID: 8c1b5a452cdc29f029777a6cc68a5aadf8ddfcdcff67409e341221eafc0c42cb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d66649e96443251f75e01032f5af6d29aa0eb48dcc9de99349557c3d59a675a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C418C39522A2BDFCB20EF65D4889AAB7F5FF04311B50492AD806C7690D730E9A5CF50
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,BB40E64E,?,00294208,00273E32,?,00000000,?), ref: 002941BA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                • Opcode ID: 53c4674217c2c81769e083050fb18c10bdc7273e0753598d1b2b82db873563af
                                                                                                                                                                                                                                • Instruction ID: 0ed8701c226f0dd80c1935a02b5659a2421946867606deed40b7a5ac86f4e89d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53c4674217c2c81769e083050fb18c10bdc7273e0753598d1b2b82db873563af
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 01213031920212EBCF21BF64FC48E5A375CDF527A0F240211F90AA7290DB70EE66C9D0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 0028295D
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00282968
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 002829D6
                                                                                                                                                                                                                                  • Part of subcall function 0028285F: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00282877
                                                                                                                                                                                                                                • std::locale::_Setgloballocale.LIBCPMT ref: 00282983
                                                                                                                                                                                                                                • _Yarn.LIBCPMT ref: 00282999
                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
• Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 1088826258-307937090
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,002A3374,000000FF,?,0028CAFD,0028C9E4,?,0028CB99,00000000), ref: 0028CA71
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0028CA83
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000,002A3374,000000FF,?,0028CAFD,0028C9E4,?,0028CB99,00000000), ref: 0028CAA5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll$&(
                                                                                                                                                                                                                                • API String ID: 4061214504-1743061208
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00286CC1
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00286CCF
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00286CE0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                                • API String ID: 667068680-1047828073
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00291FA5,00287361,00286681), ref: 00291FBC
                                                                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00291FCA
                                                                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00291FE3
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00291FA5,00287361,00286681), ref: 00292035
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AdjustPointer
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 1740715915-307937090
                                                                                                                                                                                                                                • Opcode ID: 5ec83958b60c8fda7b71708e548b2f56b650e5b6a02c6b7d2b467512c1135ee0
                                                                                                                                                                                                                                • Instruction ID: 64b1f013728bc4df690e28a0ee1764f9a41e5620ec100586149657a1b9662fb7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ec83958b60c8fda7b71708e548b2f56b650e5b6a02c6b7d2b467512c1135ee0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE51CF76A21202FFDF289F54D841BAA73A8FF44710F254529E805876A1E771E868CB90
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 002843A0
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 002843AA
                                                                                                                                                                                                                                  • Part of subcall function 00274D90: std::_Lockit::_Lockit.LIBCPMT ref: 00274DBE
                                                                                                                                                                                                                                  • Part of subcall function 00274D90: std::_Lockit::~_Lockit.LIBCPMT ref: 00274DE9
                                                                                                                                                                                                                                • codecvt.LIBCPMT ref: 002843E4
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0028441B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 3716348337-307937090
                                                                                                                                                                                                                                • Opcode ID: ff668c8d27d25a6fa76a22631800b415906697e6390b40e945ae06125a8e971c
                                                                                                                                                                                                                                • Instruction ID: 2675687f0864e560a21a7d34dc4627a9dea201bc904cfdc29025c9826569a536
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff668c8d27d25a6fa76a22631800b415906697e6390b40e945ae06125a8e971c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7701D23992112ADBCB05FB64E819AAEB775FF84320F248508F4146B2D1DF709E248F91
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00294952
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00294A1B
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00294A82
                                                                                                                                                                                                                                  • Part of subcall function 002931C1: HeapAlloc.KERNEL32(00000000,?,?,?,002822A9,?,?,00273E32,00001000,?,00273D7A), ref: 002931F3
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00294A95
                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00294AA2
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1096550386-0
                                                                                                                                                                                                                                • Opcode ID: f77b5dad853d9e668f06bd212a33a0e1950dd1c080892075e45964b11de47858
                                                                                                                                                                                                                                • Instruction ID: 8285fe2517f504c861862d66e1c4217f8cebb1c1424ba8db321c326c197b736f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f77b5dad853d9e668f06bd212a33a0e1950dd1c080892075e45964b11de47858
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8751B172660207AFEF24BF60CC95EBB7BAAEF84710F154529FD04D6150EA70DD328A64
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseFileHandleSize
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3849164406-0
                                                                                                                                                                                                                                • Opcode ID: de5a0352d877afac41e6736c40da4baff8341e2bebdfaa98e39fd98c72744fbd
                                                                                                                                                                                                                                • Instruction ID: e07eb620f8bba40e2d018b511ba7532fef2bea7a02840765a591bc9f1b5032ea
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de5a0352d877afac41e6736c40da4baff8341e2bebdfaa98e39fd98c72744fbd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B718EB4D05248CFDB10EFA8D58879DBBF0BF48304F10852AE899AB351E774A959CF52
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 0029272D
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                • String ID: csm$csm$&(
                                                                                                                                                                                                                                • API String ID: 3493665558-2125113848
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __EH_prolog3.LIBCMT ref: 002855F1
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 002855FB
                                                                                                                                                                                                                                  • Part of subcall function 00274D90: std::_Lockit::_Lockit.LIBCPMT ref: 00274DBE
                                                                                                                                                                                                                                  • Part of subcall function 00274D90: std::_Lockit::~_Lockit.LIBCPMT ref: 00274DE9
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0028566C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 1383202999-307937090
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0029DDCD,00000000,?,002B21B8,?,?,?,0029DD04,00000004,InitializeCriticalSectionEx,002A808C,002A8094), ref: 0029DD3E
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,0029DDCD,00000000,?,002B21B8,?,?,?,0029DD04,00000004,InitializeCriticalSectionEx,002A808C,002A8094,00000000,?,00292E6C), ref: 0029DD48
                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0029DD70
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 0029B13A
                                                                                                                                                                                                                                  • Part of subcall function 002932D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00294A78,?,00000000,-00000008), ref: 00293332
                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0029B38C
                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0029B3D2
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0029B475
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2112829910-0
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 002932D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00294A78,?,00000000,-00000008), ref: 00293332
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00298F67
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00298F6E
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00298FA8
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00298FAF
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1913693674-0
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 17693594a1eef7f1e38f5d66e6eec3c1cdc138c723c7e67cdf256801c2cd3b3d
                                                                                                                                                                                                                                • Instruction ID: 062694a5592e370d81d76199cdff187969ccbf2d279bfb1bc9d9b85f295222a3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17693594a1eef7f1e38f5d66e6eec3c1cdc138c723c7e67cdf256801c2cd3b3d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB219279222216AFDB10BF658841D7A77ADFF41364B194528F816976D1EB30ECA08F90
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0029A301
  • Part of subcall function 002932D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00294A78,?,00000000,-00000008), ref: 00293332
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0029A339
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0029A359
Memory Dump Source
• Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
APIs
• WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,002A16CF,00000000,00000001,?,?,?,0029B4C9,?,00000000,00000000), ref: 002A21F7
• GetLastError.KERNEL32(?,002A16CF,00000000,00000001,?,?,?,0029B4C9,?,00000000,00000000,?,?,?,0029AE0F,?), ref: 002A2203
  • Part of subcall function 002A2254: CloseHandle.KERNEL32(FFFFFFFE,002A2213,?,002A16CF,00000000,00000001,?,?,?,0029B4C9,?,00000000,00000000,?,?), ref: 002A2264
• ___initconout.LIBCMT ref: 002A2213
  • Part of subcall function 002A2235: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,002A21D1,002A16BC,?,?,0029B4C9,?,00000000,00000000,?), ref: 002A2248
• WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,002A16CF,00000000,00000001,?,?,?,0029B4C9,?,00000000,00000000,?), ref: 002A2228
APIs
• GetSystemTimeAsFileTime.KERNEL32(?), ref: 00287122
• GetCurrentThreadId.KERNEL32 ref: 00287131
• GetCurrentProcessId.KERNEL32 ref: 0028713A
• QueryPerformanceCounter.KERNEL32(?), ref: 00287147
APIs
Strings
Similarity
• API ID: _strcspn
• String ID: @
APIs
  • Part of subcall function 00293413: GetLastError.KERNEL32(00000000,?,00295749), ref: 00293417
  • Part of subcall function 00293413: SetLastError.KERNEL32(00000000,?,?,00000028,0028F7C9), ref: 002934B9
• GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,0028D04D,?,?,?,00000055,?,-00000050,?,?,?), ref: 00297BA2
• IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,0028D04D,?,?,?,00000055,?,-00000050,?,?), ref: 00297BD9
Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                • String ID: utf8
                                                                                                                                                                                                                                • API String ID: 943130320-905460609
                                                                                                                                                                                                                                • Opcode ID: f680baa870391e1c3f2273917e401d734f1d23a44205575f4f366e1c899d2bbd
                                                                                                                                                                                                                                • Instruction ID: a76e59fa6762206aa1545e68399cc88eafd817a7a3c601778a975a40b1b6538b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f680baa870391e1c3f2273917e401d734f1d23a44205575f4f366e1c899d2bbd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6151F871638306AADF25AF74CC42FA673A8EF45704F15046AFA05DB181FBB0D960CB65
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134286799.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_400000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MetricsSystem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                • Opcode ID: 9bde09ebd8d5cf31c1986093f8ab55a60d34f3541895d9881521e8b84c7ab459
                                                                                                                                                                                                                                • Instruction ID: b5c6cae23c9e1c22f5972a34cb560fd43e805cb10d93d1bb56afb9436da8a92b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bde09ebd8d5cf31c1986093f8ab55a60d34f3541895d9881521e8b84c7ab459
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 485193B4E142049FDB40EFACD985A9DBBF0BB88300F10856AE859E7354D734A949CF96
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00292B4B,?,?,00000000,00000000,00000000,?), ref: 00292C6F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EncodePointer
                                                                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                                                                • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                • Opcode ID: 30497f57cb9072e1019d315b93f566f03ada67345be4e54c452c12e146b0c845
                                                                                                                                                                                                                                • Instruction ID: b0931386ece7745709f287c2a7806ab3dbc06031ac6971d99f7b6f59242c7b9b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30497f57cb9072e1019d315b93f566f03ada67345be4e54c452c12e146b0c845
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B41677290020AFFCF25DF98CD81AEEBBB5FF48304F198099F904A6265D3359964DB61
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00283114
                                                                                                                                                                                                                                • RaiseException.KERNEL32(?,?,?,?), ref: 00283139
                                                                                                                                                                                                                                  • Part of subcall function 00287223: RaiseException.KERNEL32(E06D7363,00000001,00000003,00285F93,?,?,?,?,00285F93,00001000,002AE1AC,00001000), ref: 00287284
                                                                                                                                                                                                                                  • Part of subcall function 0028F7B9: IsProcessorFeaturePresent.KERNEL32(00000017,0028A37B,?,?,?,?,00000000), ref: 0028F7D5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                • Opcode ID: 73dcb464449e1ed5e59327f8c1632d98f2d1cc44432495d833b22259409c4fc2
                                                                                                                                                                                                                                • Instruction ID: dacc2dcdb28fac2274aaba895b16458c8f23ad44b50cf3bc95864e91806998e6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73dcb464449e1ed5e59327f8c1632d98f2d1cc44432495d833b22259409c4fc2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5321AF3AD12219DBCF24EF95D9499AEB7B9EF04F10F140409E419AB6D0CB30AE64CF91
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 0028288E
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 002828EA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                • String ID: &(
                                                                                                                                                                                                                                • API String ID: 593203224-307937090
                                                                                                                                                                                                                                • Opcode ID: 604690c0580e47a1de4140a06a7fcc846d74c740d800155aaefb7556859b4dde
                                                                                                                                                                                                                                • Instruction ID: 7d33a9e0953059bbbc661dc6b31b55fc3771d082f77a98110b688bdd68cbf3a5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 604690c0580e47a1de4140a06a7fcc846d74c740d800155aaefb7556859b4dde
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 95018039A10119EFCF01EF14D895E9977B8EF84710B140099E4019B2A0DF70FD49CB60
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 002751C2
                                                                                                                                                                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 0027520C
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134059355.0000000000270000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134141668.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134169272.00000000002AF000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134193352.00000000002B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134216104.00000000002B7000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                 • Associated: 00000003.00000002.3134263604.00000000002FF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                • Snapshot File: hcaresult_3_2_270000_Wave-Executor.jbxd
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: std::_$Locinfo::_Locinfo_dtorLockitLockit::~_
                                                                                                                                                                                                                                • String ID: <O'
                                                                                                                                                                                                                                • API String ID: 3286764726-14361415
                                                                                                                                                                                                                                • Opcode ID: ff2c69196ce1864e9ada42a47a0e228b79ffdf9dd25cad2aeb9fb52937600be8
                                                                                                                                                                                                                                • Instruction ID: a5a2f7895338e2ff1b1cb471010c704baa189e61bc1a3b0bc429d693c65cf235
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff2c69196ce1864e9ada42a47a0e228b79ffdf9dd25cad2aeb9fb52937600be8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FF0BD30910258ABCB09FBFCC5E176DBB76EF41318F484068D50A67343EA309AA0CF55
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 00293F67
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                                                                                                                • String ID: InitializeCriticalSectionEx$&(
                                                                                                                                                                                                                                • API String ID: 2593887523-3881785404
                                                                                                                                                                                                                                • Opcode ID: 5097c3a1f1a6c17a789eb930378e1bf0c6e1efa2d3f135fb6e5647dc1a9fe872
                                                                                                                                                                                                                                • Instruction ID: f0c36f7b5d787d67480aa9572afd736ff5c338521a208aa9d873b09b27f2fe57
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5097c3a1f1a6c17a789eb930378e1bf0c6e1efa2d3f135fb6e5647dc1a9fe872
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5CE09A329A4218B7CF216F50EC09DAE3F25EB42B60B004020FD19166A1CBB28A30EA84
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Alloc
                                                                                                                                                                                                                                • String ID: FlsAlloc$&(
                                                                                                                                                                                                                                • API String ID: 2773662609-851922512
                                                                                                                                                                                                                                • Opcode ID: 04aa95a965decb90426bdf8b4e8d3486c1f81e7666ea03a8d2df8a1fe28b36ae
                                                                                                                                                                                                                                • Instruction ID: 0806ac3196afb16256e314e4a1003984ef87e3511e2dfd38fb31e1dc76f63323
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 04aa95a965decb90426bdf8b4e8d3486c1f81e7666ea03a8d2df8a1fe28b36ae
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BE0C231BA5225778F20B691AC0AEAE7D448B53B61B000060FA0A52192DEA14A3096E9
                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(002B21E0), ref: 00293CC4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.3134087440.0000000000271000.00000020.00000001.01000000.00000003.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                • String ID: 8"+$!+
                                                                                                                                                                                                                                • API String ID: 3664257935-2600777259
                                                                                                                                                                                                                                • Opcode ID: 70b3837872207a03c26fea90ba29207eed96e64351f1edf8f88af0a33020dbb4
                                                                                                                                                                                                                                • Instruction ID: 990ac143cef451ca2acb6fd10be919b99bf122ef95ba4d5b501aac95cebd5139
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70b3837872207a03c26fea90ba29207eed96e64351f1edf8f88af0a33020dbb4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9CE08636C30A16DBDF305E0CD90879076D85B10375F55052BD8ED356A092714DF5C681