Windows Analysis Report
setups.exe

Overview

General Information

Sample name:setups.exe
Analysis ID:1596772
MD5:65dfdbfed14a0303a91f042083c72255
SHA1:257cd07968ea21cbba0f046cd348213d3a9004b6
SHA256:95ce6a254a608c064f7a36a703f28e7a22043d0b88526b2d4253cd17574bb950
Tags:exeuser-aachum
Infos:

Detection

Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Drops executables to the windows directory (C:\Windows) and starts them
Enables a proxy for the internet explorer
Found pyInstaller with non standard icon
Installs new ROOT certificates
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Potentially malicious time measurement code found
Registers a new ROOT certificate
Sample is not signed and drops a device driver
Sets a proxy for the internet explorer
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Detected suspicious crossdomain redirect
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • setups.exe (PID: 5672 cmdline: "C:\Users\user\Desktop\setups.exe" MD5: 65DFDBFED14A0303A91F042083C72255)
    • msiexec.exe (PID: 5544 cmdline: "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\Secure\Installer 5\install\using python exe.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\setups.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1737552040 " MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 2172 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 2800 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 93C04E8712A918E7EA60766412ADE486 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 1516 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6F99149891529616C10F649CA42C59BC MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSIFF78.tmp (PID: 6404 cmdline: "C:\Windows\Installer\MSIFF78.tmp" https://telixsearch.com/thankyou MD5: FDBC1876C1B3E7CA3CE9FA8EA00EC94F)
      • chrome.exe (PID: 6004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://telixsearch.com/thankyou MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 2972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2040,i,16677488193981522078,8808964442902892412,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • wse.exe (PID: 7696 cmdline: "C:\Program Files (x86)\Secure\Installer\wse.exe" MD5: 0599366E3B2D5D2BE0799CBBB6D1953B)
      • wse.exe (PID: 7876 cmdline: "C:\Program Files (x86)\Secure\Installer\wse.exe" MD5: 0599366E3B2D5D2BE0799CBBB6D1953B)
        • cmd.exe (PID: 7908 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • certutil.exe (PID: 8044 cmdline: "C:\Windows\System32\certutil.exe" -addstore root C:\Users\user\AppData\Local\Temp\_MEI76962\.mitmproxy\mitmproxy-ca-cert.pem MD5: F17616EC0522FC5633151F7CAA278CAA)
          • conhost.exe (PID: 8056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • wse.exe (PID: 7624 cmdline: "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe" MD5: 0599366E3B2D5D2BE0799CBBB6D1953B)
    • wse.exe (PID: 1576 cmdline: "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe" MD5: 0599366E3B2D5D2BE0799CBBB6D1953B)
      • cmd.exe (PID: 7436 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • wse.exe (PID: 7716 cmdline: "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe" MD5: 0599366E3B2D5D2BE0799CBBB6D1953B)
    • wse.exe (PID: 7748 cmdline: "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe" MD5: 0599366E3B2D5D2BE0799CBBB6D1953B)
      • cmd.exe (PID: 3836 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Secure\Installer\wse.exe, ProcessId: 7876, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WSE_Driver
Source: Registry Key set; Author: frack113; Data: Details: 127.0.0.1:20034, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Secure\Installer\wse.exe, ProcessId: 7876, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
No Suricata rule has matched

AV Detection

Source: C:\Program Files (x86)\Secure\Installer\wse.exeReversingLabs: Detection: 58%
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeReversingLabs: Detection: 58%
Source: setups.exeVirustotal: Detection: 44%
Source: setups.exeReversingLabs: Detection: 42%
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF8908CE850 BCryptGenRandom,11_2_00007FF8908CE850
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF890865D60 GetProcessHeap,HeapAlloc,memmove,QueryPerformanceCounter,BCryptGenRandom,memmove,memset,QueryPerformanceCounter,memmove,QueryPerformanceCounter,memset,memset,GetLastError,GetLastError,GetLastError,11_2_00007FF890865D60
Source: setups.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\MarkupSafe-3.0.2.dist-info\LICENSE.txt
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\itsdangerous-2.2.0.dist-info\LICENSE.txt
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\werkzeug-3.1.3.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\MarkupSafe-3.0.2.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\itsdangerous-2.2.0.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\werkzeug-3.1.3.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\MarkupSafe-3.0.2.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\itsdangerous-2.2.0.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\werkzeug-3.1.3.dist-info\LICENSE.txt
Source: setups.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: wse.exe, 0000000B.00000002.3417032163.00007FF89233D000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: wininet.pdb source: setups.exe, 00000000.00000003.2123935534.00000000091B8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: wse.exe, 0000000B.00000002.3417531454.00007FF892475000.00000002.00000001.01000000.00000023.sdmp, wse.exe, 00000013.00000002.3420748729.00007FF891F05000.00000002.00000001.01000000.00000048.sdmp
Source: Binary string: signToolcAToolsignToolCertcAToolCertISSUER_SIGN_TOOLv2i_issuer_sign_toolcrypto\x509\v3_ist.ci2r_issuer_sign_tool%*ssignTool : %*scATool : %*ssignToolCert: %*scAToolCert : compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: PKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excrypto\bio\bio_sock.cBIO_sock_initcalling wsastartup()BIO_socket_ioctlcalling ioctlsocket()i2d_ASN1_bio_streamcrypto\asn1\asn_mime.cB64_write_ASN1-----BEGIN %s----- source: wse.exe, 0000000B.00000002.3410894586.00007FF88FCE8000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbE source: MSIFF78.tmp, 00000006.00000002.2149800260.0000000000D30000.00000002.00000001.01000000.00000008.sdmp, MSIFF78.tmp, 00000006.00000000.2144382949.0000000000D30000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: wse.exe, 0000000A.00000003.2215080547.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3424408211.00007FF8B78BD000.00000002.00000001.01000000.00000012.sdmp, wse.exe, 00000012.00000003.2393111451.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: wse.exe, 0000000B.00000002.3430079326.00007FF8B8F74000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\cryptography\cryptography\cryptography-38.0.4\src\rust\target\release\deps\cryptography_rust.pdb source: wse.exe, 0000000B.00000002.3418492822.00007FF897789000.00000002.00000001.01000000.0000001E.sdmp, wse.exe, 00000013.00000002.3412796850.00007FF88DEC9000.00000002.00000001.01000000.00000043.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: wse.exe, 0000000A.00000003.2216867432.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3428735250.00007FF8B8AF3000.00000002.00000001.01000000.0000001D.sdmp, wse.exe, 00000012.00000003.2396965112.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: wse.exe, 0000000B.00000002.3417531454.00007FF892475000.00000002.00000001.01000000.00000023.sdmp, wse.exe, 00000013.00000002.3420748729.00007FF891F05000.00000002.00000001.01000000.00000048.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: wse.exe, 0000000A.00000003.2215591352.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3429259572.00007FF8B8C16000.00000002.00000001.01000000.0000001C.sdmp, wse.exe, 00000012.00000003.2393712496.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3423795241.00007FF8B8266000.00000002.00000001.01000000.00000041.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: wse.exe, 0000000B.00000002.3421054358.00007FF8A8A65000.00000002.00000001.01000000.0000001A.sdmp, wse.exe, 00000013.00000002.3420153848.00007FF890D15000.00000002.00000001.01000000.0000003F.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: wse.exe, 0000000A.00000003.2208795654.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3425917912.00007FF8B7E0E000.00000002.00000001.01000000.00000011.sdmp, wse.exe, 00000012.00000003.2389740328.0000026E5EEA4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wse.exe, 0000000A.00000003.2207879018.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3428216429.00007FF8B8835000.00000002.00000001.01000000.00000024.sdmp, wse.exe, 00000012.00000003.2388242139.0000026E5EEA3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: wse.exe, 0000000A.00000003.2215431066.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2393513163.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: wse.exe, 0000000B.00000002.3410894586.00007FF88FCE8000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wse.exe, 0000000B.00000002.3414759693.00007FF891B3F000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: wse.exe, 0000000A.00000003.2215821567.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3429745405.00007FF8B8CB3000.00000002.00000001.01000000.00000016.sdmp, wse.exe, 00000012.00000003.2394028703.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3425233097.00007FF8B82C3000.00000002.00000001.01000000.0000003B.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: wse.exe, 0000000B.00000002.3423158078.00007FF8B603D000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: wse.exe, 0000000A.00000003.2214933935.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3422682767.00007FF8B5727000.00000002.00000001.01000000.0000001F.sdmp, wse.exe, 00000012.00000003.2392659319.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3422031142.00007FF8B5707000.00000002.00000001.01000000.00000044.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: wse.exe, 0000000A.00000003.2215080547.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3424408211.00007FF8B78BD000.00000002.00000001.01000000.00000012.sdmp, wse.exe, 00000012.00000003.2393111451.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setups.exe, 00000000.00000000.2112060146.0000000000A29000.00000002.00000001.01000000.00000003.sdmp, setups.exe, 00000000.00000002.2207072685.0000000000A29000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: wse.exe, 0000000B.00000002.3414759693.00007FF891B3F000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wse.exe, 0000000A.00000003.2207561297.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3427292257.00007FF8B7E61000.00000002.00000001.01000000.0000000D.sdmp, wse.exe, 00000012.00000003.2388015883.0000026E5EEA3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: wse.exe, 0000000B.00000002.3426708825.00007FF8B7E31000.00000002.00000001.01000000.0000000F.sdmp, wse.exe, 00000013.00000002.3429082787.00007FF8B9121000.00000002.00000001.01000000.00000034.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: wse.exe, 0000000B.00000002.3421054358.00007FF8A8A65000.00000002.00000001.01000000.0000001A.sdmp, wse.exe, 00000013.00000002.3420153848.00007FF890D15000.00000002.00000001.01000000.0000003F.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: wse.exe, 0000000B.00000002.3424055775.00007FF8B7835000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: wse.exe, 0000000A.00000003.2216287484.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3424931878.00007FF8B7DE9000.00000002.00000001.01000000.00000013.sdmp, wse.exe, 00000012.00000003.2394905173.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: wse.exe, 0000000B.00000002.3430947978.00007FF8BA4F2000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: wininet.pdbUGP source: setups.exe, 00000000.00000003.2123935534.00000000091B8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: wse.exe, 0000000B.00000002.3417032163.00007FF89233D000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: wse.exe, 0000000A.00000003.2208040971.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3423677345.00007FF8B77F7000.00000002.00000001.01000000.0000001B.sdmp, wse.exe, 00000012.00000003.2388411084.0000026E5EEA3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3424126339.00007FF8B8277000.00000002.00000001.01000000.00000040.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: wse.exe, 0000000B.00000002.3411508850.00007FF89079C000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: wse.exe, 0000000B.00000002.3419111256.00007FF897B13000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\a\mitmproxy_wireguard\mitmproxy_wireguard\target\release\deps\mitmproxy_wireguard.pdb source: wse.exe, 0000000B.00000002.3412715280.00007FF890909000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: MSIFF78.tmp, 00000006.00000002.2149800260.0000000000D30000.00000002.00000001.01000000.00000008.sdmp, MSIFF78.tmp, 00000006.00000000.2144382949.0000000000D30000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: wse.exe, 0000000B.00000002.3414759693.00007FF891BC1000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: challengeNETSCAPE_SPKACspkacsig_algorcrypto\bn\bn_exp.cBN_mod_exp_recpBN_mod_exp_mont_wordX509V3_EXT_nconf_intcrypto\x509\v3_conf.csection=%s, name=%s, value=%sdo_ext_nconfname=%s,section=%sdo_ext_i2dX509V3_EXT_i2dcritical,DER:ASN1:v3_generic_extensionvalue=%sX509V3_get_sectioncrypto\x509\v3_lib.cX509V3_add1_i2dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.0.7built on: Fri Nov 25 00:13:15 2022 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot available source: wse.exe, 0000000B.00000002.3410894586.00007FF88FCE8000.00000002.00000001.01000000.00000020.sdmp
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: z:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: x:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: v:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: t:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: r:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: p:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: n:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: l:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: j:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: h:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: f:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: b:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: y:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: w:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: u:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: s:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: q:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: o:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: m:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: k:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: i:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: g:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: e:
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile opened: c:
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: a:
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008C5BA0 FindFirstFileW,GetLastError,FindClose,0_2_008C5BA0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008FC5B0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,0_2_008FC5B0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008D4840 FindFirstFileW,FindClose,FindClose,0_2_008D4840
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008FCA30 FindFirstFileW,FindClose,0_2_008FCA30
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008C5270 FindFirstFileW,FindFirstFileW,FindClose,FindClose,0_2_008C5270
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007854C0 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,0_2_007854C0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008A77A0 FindFirstFileW,FindNextFileW,FindClose,0_2_008A77A0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008F1E30 FindFirstFileW,FindClose,CloseHandle,CloseHandle,0_2_008F1E30
Source: C:\Windows\Installer\MSIFF78.tmpCode function: 6_2_00D21CA0 FindFirstFileExW,6_2_00D21CA0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 10_2_00007FF77AE492F0 FindFirstFileExW,FindClose,10_2_00007FF77AE492F0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 10_2_00007FF77AE483B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,10_2_00007FF77AE483B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 10_2_00007FF77AE618E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,10_2_00007FF77AE618E4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF77AE492F0 FindFirstFileExW,FindClose,11_2_00007FF77AE492F0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF77AE483B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,11_2_00007FF77AE483B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF77AE618E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,11_2_00007FF77AE618E4
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007A4BB0 GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLastError,0_2_007A4BB0

Networking

Source: WinDivert32.sys.10.drStatic PE information: Found NDIS imports: FwpsCalloutRegister0, FwpsInjectNetworkSendAsync0, FwpsInjectForwardAsync0, FwpmCalloutAdd0, FwpsAllocateNetBufferAndNetBufferList0, FwpsQueryPacketInjectionState0, FwpmEngineOpen0, FwpsInjectionHandleCreate0, FwpsInjectNetworkReceiveAsync0, FwpmEngineClose0, FwpmTransactionCommit0, FwpmSubLayerDeleteByKey0, FwpmTransactionBegin0, FwpsInjectionHandleDestroy0, FwpmSubLayerAdd0, FwpsCalloutUnregisterByKey0, FwpmTransactionAbort0, FwpmCalloutDeleteByKey0, FwpmFilterDeleteByKey0, FwpsFreeNetBufferList0, FwpmFilterAdd0
Source: WinDivert64.sys.10.drStatic PE information: Found NDIS imports: FwpsQueryPacketInjectionState0, FwpsInjectNetworkReceiveAsync0, FwpmSubLayerAdd0, FwpsCalloutUnregisterByKey0, FwpmCalloutDeleteByKey0, FwpmSubLayerDeleteByKey0, FwpsFreeNetBufferList0, FwpmEngineClose0, FwpmTransactionBegin0, FwpmFilterAdd0, FwpmEngineOpen0, FwpmTransactionAbort0, FwpsCalloutRegister0, FwpsInjectForwardAsync0, FwpmFilterDeleteByKey0, FwpmCalloutAdd0, FwpsInjectNetworkSendAsync0, FwpmTransactionCommit0, FwpsInjectionHandleCreate0, FwpsAllocateNetBufferAndNetBufferList0, FwpsInjectionHandleDestroy0
Source: WinDivert32.sys.18.drStatic PE information: Found NDIS imports: FwpsCalloutRegister0, FwpsInjectNetworkSendAsync0, FwpsInjectForwardAsync0, FwpmCalloutAdd0, FwpsAllocateNetBufferAndNetBufferList0, FwpsQueryPacketInjectionState0, FwpmEngineOpen0, FwpsInjectionHandleCreate0, FwpsInjectNetworkReceiveAsync0, FwpmEngineClose0, FwpmTransactionCommit0, FwpmSubLayerDeleteByKey0, FwpmTransactionBegin0, FwpsInjectionHandleDestroy0, FwpmSubLayerAdd0, FwpsCalloutUnregisterByKey0, FwpmTransactionAbort0, FwpmCalloutDeleteByKey0, FwpmFilterDeleteByKey0, FwpsFreeNetBufferList0, FwpmFilterAdd0
Source: WinDivert64.sys.18.drStatic PE information: Found NDIS imports: FwpsQueryPacketInjectionState0, FwpsInjectNetworkReceiveAsync0, FwpmSubLayerAdd0, FwpsCalloutUnregisterByKey0, FwpmCalloutDeleteByKey0, FwpmSubLayerDeleteByKey0, FwpsFreeNetBufferList0, FwpmEngineClose0, FwpmTransactionBegin0, FwpmFilterAdd0, FwpmEngineOpen0, FwpmTransactionAbort0, FwpsCalloutRegister0, FwpsInjectForwardAsync0, FwpmFilterDeleteByKey0, FwpmCalloutAdd0, FwpsInjectNetworkSendAsync0, FwpmTransactionCommit0, FwpsInjectionHandleCreate0, FwpsAllocateNetBufferAndNetBufferList0, FwpsInjectionHandleDestroy0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: telixsearch.com to https://2ly.link/23gga
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: 2ly.link to https://telixsearch.com/thankyou2
Source: Joe Sandbox ViewIP Address: 104.21.75.210 104.21.75.210
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 52.0.186.77
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /thankyou HTTP/1.1Host: telixsearch.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /23GGa HTTP/1.1Host: 2ly.linkConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /thankyou2 HTTP/1.1Host: telixsearch.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /style.css HTTP/1.1Host: telixsearch.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telixsearch.com/thankyou2Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /r.php?payout=OPTIONAL&cnv_id=OPTIONAL HTTP/1.1Host: domainmxx8.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telixsearch.com/thankyou2Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /r.php?payout=OPTIONAL&cnv_id=OPTIONAL HTTP/1.1Host: domainmxx7.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telixsearch.com/thankyou2Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.png HTTP/1.1Host: telixsearch.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telixsearch.com/thankyou2Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /r.php?payout=OPTIONAL&cnv_id=OPTIONAL HTTP/1.1Host: domainmxx7.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /r.php?payout=OPTIONAL&cnv_id=OPTIONAL HTTP/1.1Host: domainmxx8.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQg3SSkKA74hABkhmlBtJTz8w3hlAQU%2BWC71OPVNPa49QaAJadz20ZpqJ4CEEJLalPOx2YUHCpjsaUcQQQ%3D HTTP/1.1Cache-Control: max-age = 86Proxy-Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 26 Sep 2024 16:44:14 GMTIf-None-Match: "3d5557f4d0ce85b5d42ae97579b154c53648c418"User-Agent: Microsoft-CryptoAPI/10.0Host: ocsps.ssl.com
Source: global trafficDNS traffic detected: DNS query: telixsearch.com
Source: global trafficDNS traffic detected: DNS query: 2ly.link
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: domainmxx8.cfd
Source: global trafficDNS traffic detected: DNS query: domainmxx7.cfd
Source: global trafficDNS traffic detected: DNS query: domainmxx6.cfd
Source: global trafficDNS traffic detected: DNS query: ocsps.ssl.com
Source: unknownHTTP traffic detected: POST /report/v4?s=gzQCU3HMDoYWV3DEIcVKOHdmOhDSnL%2BYuUsEklRxmuht8COqVrbIApkqLOQn7iDRd7AHQ66Yt4JvDZMS4sdXegmb167sxhioaLWqcCIQovXAYZgr0ioST99q7UmBgc2pX%2B8%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 428Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 Jan 2025 13:24:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachevary: User-Agentalt-svc: h3=":443"; ma=86400x-turbo-charged-by: LiteSpeedCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gzQCU3HMDoYWV3DEIcVKOHdmOhDSnL%2BYuUsEklRxmuht8COqVrbIApkqLOQn7iDRd7AHQ66Yt4JvDZMS4sdXegmb167sxhioaLWqcCIQovXAYZgr0ioST99q7UmBgc2pX%2B8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 905fdd3f79971c7e-AMSserver-timing: cfL4;desc="?proto=TCP&rtt=77354&min_rtt=77338&rtt_var=29034&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1125&delivery_rate=37692&cwnd=32&unsent_bytes=0&cid=7413efcb0e242c75&ts=788&x=0"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 Jan 2025 13:24:30 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachevary: User-Agentalt-svc: h3=":443"; ma=86400x-turbo-charged-by: LiteSpeedCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QaueJB3ANewSEam7FYszrvRTmcgn3CfsEEqvCH8bDFprfeFRjyVlpPZxxYtnK2MyKvfcoxnDDKh4AXnngXWjDYKjlPQNz2QHx2bg8%2BBBTD%2BgKXaJR%2FZesGva33e90zfQx2o%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 905fdd55bb87be52-DUBserver-timing: cfL4;desc="?proto=TCP&rtt=93588&min_rtt=93584&rtt_var=35102&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1173&delivery_rate=31190&cwnd=32&unsent_bytes=0&cid=5981ffa696263219&ts=832&x=0"
00000012.00000003.2393513163.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: setups.exe, 00000000.00000002.2208654064.00000000098A0000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.2119287643.0000000004E30000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.2204940226.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.2182961465.0000000004E40000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.2204801814.0000000004E40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: setups.exe, 00000000.00000002.2208654064.00000000098A0000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.2119287643.0000000004E30000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.2204940226.0000000004E8A000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.2207874711.0000000004E40000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.2182961465.0000000004E40000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.2204801814.0000000004E40000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2215431066.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2215591352.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2210670491.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2208040971.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2216616595.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2214933935.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2208795654.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2215821567.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2216867432.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2216287484.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2210209585.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2215080547.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2209539187.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2390209167.0000026E5EEA4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 
00000012.00000003.2393513163.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: wse.exe, 0000000B.00000002.3409351438.00000219DD810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQg3SSkKA74hABkhmlBtJTz8w3hlAQU%2BWC71OPVNPa49QaAJ
Source: setups.exe, 00000000.00000003.2119287643.0000000004E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsps.ssl.com0
Source: setups.exe, 00000000.00000003.2120670506.0000000004E88000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.2119287643.0000000004E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsps.ssl.com0_
Source: wse.exe, 0000000B.00000002.3384510056.00000219DA810000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3384632985.00000219DA850000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: wse.exe, 00000013.00000002.3382710977.000001E9EAF95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pyparsing.wikispaces.com
Source: wse.exe, 00000012.00000003.2402521295.0000026E5EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://python-hyper.org/en/latest/contributing.html
Source: wse.exe, 0000000B.00000002.3401032431.00000219DC300000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3400508514.000001E9ECD20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://pyyaml.org/wiki/YAMLColonInFlowContext
Source: wse.exe, 0000000B.00000002.3409351438.00000219DD810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: wse.exe, 0000000B.00000002.3404752179.00000219DCBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://reqrypt.org/windivert-doc.html#divert_close
Source: wse.exe, 0000000B.00000002.3404855873.00000219DCBF0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3404477226.000001E9ED610000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://reqrypt.org/windivert-doc.html#divert_get_param
Source: wse.exe, 0000000B.00000002.3397980978.00000219DBD1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://reqrypt.org/windivert-doc.html#divert_open
Source: wse.exe, 0000000B.00000002.3397598592.00000219DBBF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://reqrypt.org/windivert-doc.html#divert_recv
Source: wse.exe, 0000000B.00000002.3397598592.00000219DBBF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://reqrypt.org/windivert-doc.html#divert_send
Source: wse.exe, 0000000B.00000002.3404752179.00000219DCBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://reqrypt.org/windivert-doc.html#divert_set_param
Source: wse.exe, 0000000B.00000002.3392873131.00000219DAEE0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3392922501.000001E9EB900000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/19622133/
Source: wse.exe, 0000000B.00000002.3381440072.00000219DA190000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3387593788.00000219DA9DB000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.2253111489.00000219DA961000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000003.2430874754.000001E9EAFCA000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3382710977.000001E9EAF95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular-
Source: wse.exe, 00000012.00000003.2403238124.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
Source: wse.exe, 00000012.00000003.2403339271.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2403238124.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2403134377.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: wse.exe, 0000000B.00000002.3384510056.00000219DA810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: wse.exe, 0000000B.00000003.2247161915.00000219DA577000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3383115729.00000219DA56A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: wse.exe, 0000000A.00000003.2215431066.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2215591352.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2210670491.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217008615.000001CE66711000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2208040971.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2216616595.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2214933935.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2208795654.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2215821567.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2216867432.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2216287484.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2210209585.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2215080547.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2209539187.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2390209167.0000026E5EEA4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2393513163.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2391842400.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2391166512.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397152994.0000026E5EEB2000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2392659319.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 
00000012.00000003.2394028703.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: wse.exe, 0000000B.00000002.3398125924.00000219DBE91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dynamic.net.au/christos/crypt/UnixCrypt2.txt
Source: wse.exe, 0000000B.00000002.3404551904.00000219DCB30000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3404652400.00000219DCB70000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3404240874.000001E9ED590000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Source: wse.exe, 0000000B.00000002.3383115729.00000219DA56A000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000003.2432118545.000001E9EB60E000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3390750461.000001E9EB480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: wse.exe, 0000000B.00000003.2247161915.00000219DA577000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: wse.exe, 0000000B.00000002.3406517211.00000219DCEF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.openwall.com/lists/oss-security/2011/06/27/9
Source: wse.exe, 0000000B.00000002.3383115729.00000219DA56A000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3390750461.000001E9EB480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.openwall.com/lists/oss-security/2012/01/02/4
Source: wse.exe, 0000000B.00000003.2247161915.00000219DA577000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: setups.exe, 00000000.00000003.2119287643.0000000004E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: wse.exe, 0000000B.00000002.3399059032.00000219DBF47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: wse.exe, 00000013.00000002.3390750461.000001E9EB480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xn--n3h.net/p%C3%A5th?q=%C3%A8ry%DF
Source: wse.exe, 0000000B.00000002.3387593788.00000219DA9DB000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3390750461.000001E9EB480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yaml.org/type/float.html
Source: wse.exe, 0000000B.00000002.3401032431.00000219DC300000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3400608080.000001E9ECD60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://yaml.org/type/merge.html
Source: wse.exe, 00000013.00000002.3400508514.000001E9ECD20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://yaml.readthedocs.io/en/latest/api.html#duplicate-keys
Source: wse.exe, 0000000B.00000002.3397500231.00000219DBB5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://askubuntu.com/questions/697397/python3-is-not-supporting-gtk-module
Source: wse.exe, 0000000B.00000002.3391673166.00000219DAD19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avro.apache.org/docs/current/spec.html#binary_encode_primitive
Source: wse.exe, 0000000B.00000002.3401436895.00000219DC3C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/davidfraser/pyyaml/commits/d81df6eb95f20cac4a79eed95ae553b5c6f77b8c
Source: wse.exe, 00000012.00000003.2403376516.0000026E5EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://blog.jaraco.com/skeleton
Source: wse.exe, 0000000B.00000003.2253111489.00000219DAB9B000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3387593788.00000219DAB98000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000003.2432118545.000001E9EB60E000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3390750461.000001E9EB480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://brew.sh
Source: wse.exe, 0000000B.00000002.3421711496.00007FF8B054B000.00000002.00000001.01000000.00000021.sdmp, wse.exe, 00000013.00000002.3421525752.00007FF898BDB000.00000002.00000001.01000000.00000046.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: wse.exe, 0000000B.00000002.3397598592.00000219DBBF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://click.palletsprojects.com/
Source: wse.exe, 0000000B.00000002.3397598592.00000219DBBF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://click.palletsprojects.com/en/stable/advanced/#callback-evaluation-order
Source: wse.exe, 0000000B.00000002.3387593788.00000219DA960000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3397598592.00000219DBBF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.google.com/archive/p/casadebender/wikis/Win32IconImagePlugin.wiki
Source: wse.exe, 00000012.00000003.2402521295.0000026E5EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codecov.io/gh/python-hyper/h2
Source: wse.exe, 00000012.00000003.2402521295.0000026E5EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codecov.io/gh/python-hyper/h2/branch/master/graph/badge.svg
Source: wse.exe, 0000000B.00000002.3398125924.00000219DBE31000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3383115729.00000219DA6C4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3407989900.00000219DD3D0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3407411073.000001E9EDBE0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3382710977.000001E9EAF95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/
Source: wse.exe, 0000000A.00000003.2219497700.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2399772899.0000026E5EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io
Source: wse.exe, 00000012.00000003.2399772899.0000026E5EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/
Source: wse.exe, 0000000A.00000003.2219497700.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2399772899.0000026E5EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: wse.exe, 0000000B.00000002.3418492822.00007FF897789000.00000002.00000001.01000000.0000001E.sdmp, wse.exe, 00000013.00000002.3412796850.00007FF88DEC9000.00000002.00000001.01000000.00000043.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
Source: wse.exe, 0000000B.00000002.3395242967.00000219DB4A0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000003.2432118545.000001E9EB71E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/hazmat/
Source: wse.exe, 0000000A.00000003.2219497700.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2399772899.0000026E5EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: wse.exe, 0000000A.00000003.2219497700.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2399772899.0000026E5EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/security/
Source: wse.exe, 0000000B.00000002.3394436462.00000219DB2C0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3394640702.00000219DB350000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1
Source: wse.exe, 0000000B.00000002.3393931291.00000219DB150000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3393922251.000001E9EBB70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc6265#section-5.4
Source: wse.exe, 0000000B.00000002.3393931291.00000219DB150000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3393922251.000001E9EBB70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7540#section-8.1.2.5
Source: wse.exe, 0000000B.00000002.3394338148.00000219DB270000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3394405339.000001E9EBC90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Trailer).
Source: wse.exe, 0000000B.00000002.3399059032.00000219DBF56000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3391673166.00000219DAD19000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3391673166.00000219DACC1000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3398173330.000001E9EC862000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3382710977.000001E9EAF95000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/protocol-buffers/docs/encoding
Source: wse.exe, 0000000B.00000002.3391673166.00000219DAD19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/protocol-buffers/docs/encoding?csw=1#varints
Source: wse.exe, 0000000B.00000002.3398125924.00000219DBEBC000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3399059032.00000219DBF56000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3391673166.00000219DACC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/protocol-buffers/docs/proto3
Source: wse.exe, 0000000A.00000003.2203242039.000001CE6670A000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2203242039.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2383763390.0000026E5EEA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.gg/pallets
Source: wse.exe, 0000000A.00000003.2217130317.000001CE6670C000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217556442.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217447836.000001CE66709000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217345644.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-profile/customizi
Source: wse.exe, 0000000B.00000002.3396303665.00000219DB830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.mitmproxy.org/dev/addons-api-changelog/.
Source: wse.exe, 00000013.00000002.3395813638.000001E9EBFE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.mitmproxy.org/dev/howto-transparent/
Source: wse.exe, 0000000B.00000002.3395673984.00000219DB5C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.mitmproxy.org/dev/howto-transparent/p
Source: wse.exe, 0000000B.00000002.3406517211.00000219DCEF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.mitmproxy.org/stable/concepts-certificates/
Source: wse.exeString found in binary or memory: https://docs.python.org/3/library/asyncio-e
Source: wse.exeString found in binary or memory: https://docs.python.org/3/library/asyncio-eventloop
Source: wse.exe, wse.exe, 0000000B.00000002.3402447062.00000219DC600000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3412715280.00007FF890909000.00000002.00000001.01000000.00000027.sdmp, wse.exe, 0000000B.00000002.3391673166.00000219DAD19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/asyncio-eventloop.html#asyncio.Server)
Source: wse.exeString found in binary or memory: https://docs.python.org/3/library/asyncio-eventloop.html#asyncio.Server)from
Source: wse.exe, 0000000B.00000002.3402447062.00000219DC600000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3412715280.00007FF890909000.00000002.00000001.01000000.00000027.sdmpString found in binary or memory: https://docs.python.org/3/library/asyncio-stream.html#asyncio.start_server)
Source: wse.exe, wse.exe, 0000000B.00000002.3402447062.00000219DC600000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3387593788.00000219DA960000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3402134806.00000219DC540000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3412715280.00007FF890909000.00000002.00000001.01000000.00000027.sdmp, wse.exe, 00000013.00000002.3390750461.000001E9EB480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/asyncio-stream.html)
Source: wse.exeString found in binary or memory: https://docs.python.org/3/library/asyncio-stream.html)from
Source: wse.exe, 0000000A.00000003.2217130317.000001CE66713000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397645332.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/copy.html#copy.replace).
Source: wse.exe, 0000000B.00000002.3380558059.00000219D9DF0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.2242338367.00000219D8180000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: wse.exe, 0000000B.00000003.2242338367.00000219D8180000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3379902791.00000219D9A20000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3379960038.000001E9EA7A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: wse.exe, 0000000B.00000002.3380558059.00000219D9DF0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.2242338367.00000219D8180000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: wse.exe, 0000000B.00000003.2242338367.00000219D8180000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3379902791.00000219D9A20000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3379960038.000001E9EA7A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: wse.exe, 0000000B.00000003.2242338367.00000219D8180000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3379902791.00000219D9A20000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3379960038.000001E9EA7A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: wse.exe, 0000000B.00000003.2242338367.00000219D8180000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3379902791.00000219D9A20000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3379960038.000001E9EA7A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: wse.exe, 0000000B.00000002.3379673608.00000219D99E0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.2242338367.00000219D8180000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: wse.exe, 0000000B.00000002.3380749133.00000219D9F70000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.2242338367.00000219D8180000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: wse.exe, 0000000B.00000002.3383115729.00000219DA515000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.readthedocs.io/en/latest/pkg_resources.html#basic-resource-access
Source: wse.exe, 0000000B.00000002.3391673166.00000219DACC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
Source: wse.exe, 0000000A.00000003.2217130317.000001CE66713000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397645332.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/tagged/python-attrs)
Source: MSIFF78.tmp, 00000006.00000002.2149321847.000000000073C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyou
Source: MSIFF78.tmp, 00000006.00000002.2149321847.000000000073C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyou0
Source: MSIFF78.tmp, 00000006.00000002.2149321847.0000000000744000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyou3f
Source: MSIFF78.tmp, 00000006.00000002.2149321847.0000000000744000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyou4
Source: MSIFF78.tmp, 00000006.00000002.2149260018.00000000005B0000.00000004.00000020.00020000.00000000.sdmp, MSIFF78.tmp, 00000006.00000002.2149321847.00000000006E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyouC:
Source: MSIFF78.tmp, 00000006.00000002.2149321847.000000000073C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyouDER
Source: MSIFF78.tmp, 00000006.00000002.2149321847.0000000000744000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyouUse:
Source: MSIFF78.tmp, 00000006.00000002.2149321847.0000000000744000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyoun
Source: setups.exe, 00000000.00000003.2119642381.0000000004E4A000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.2119727749.0000000004E53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyour(nH
Source: MSIFF78.tmp, 00000006.00000002.2149321847.0000000000759000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyourosoft
Source: MSIFF78.tmp, 00000006.00000002.2149321847.0000000000744000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyous
Source: MSIFF78.tmp, 00000006.00000002.2149321847.000000000073C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyout
Source: setups.exe, 00000000.00000003.2123450001.000000000A3A1000.00000004.00000020.00020000.00000000.sdmp, MSIFF78.tmp, 00000006.00000002.2149891516.0000000006899000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyouy
Source: wse.exe, 0000000A.00000003.2217130317.000001CE6670C000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217556442.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217447836.000001CE66709000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217345644.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek
Source: wse.exe, 0000000A.00000003.2217130317.000001CE66713000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397645332.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek).
Source: wse.exe, 00000012.00000003.2403376516.0000026E5EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
Source: wse.exe, 00000012.00000003.2403376516.0000026E5EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: wse.exe, 0000000B.00000002.3381440072.00000219DA190000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3387593788.00000219DA9DB000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.2253111489.00000219DA961000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3390750461.000001E9EB480000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000003.2432118545.000001E9EB555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6455)
Source: wse.exe, 0000000B.00000002.3393931291.00000219DB150000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3393922251.000001E9EBB70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: wse.exe, 0000000B.00000002.3381440072.00000219DA190000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3383115729.00000219DA6C4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.2254748735.00000219DA6C4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000003.2432118545.000001E9EB71E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-5.3
Source: wse.exe, 0000000B.00000002.3394338148.00000219DB270000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3394405339.000001E9EBC90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-5.3).
Source: wse.exe, 0000000B.00000002.3401926441.00000219DC4C0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3401336552.000001E9ECEE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7540#section-11.4
Source: wse.exe, 0000000B.00000002.3391673166.00000219DAD19000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3390750461.000001E9EB480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7540#section-5.3
Source: wse.exe, 0000000B.00000002.3381440072.00000219DA190000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3391673166.00000219DAD19000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3390750461.000001E9EB480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7541#section-7.1.3
Source: wse.exe, 0000000B.00000002.3387593788.00000219DA960000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3391673166.00000219DAD19000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3391673166.00000219DACC1000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3390750461.000001E9EB480000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7838
Source: wse.exe, 0000000B.00000002.3384396544.00000219DA7D0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3384277616.00000219DA790000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3392575550.00000219DAE60000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3384315485.000001E9EB1F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
Source: wse.exe, 0000000B.00000002.3397598592.00000219DBBF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20120328125543/http://www.jpegcameras.com/libjpeg/libjpeg-3.html
Source: wse.exe, 0000000B.00000002.3407989900.00000219DD3D0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3407411073.000001E9EDBE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20170802060935/http://oss.sgi.com/projects/ogl-sample/registry/EXT/textu
Source: wse.exe, 0000000B.00000002.3378962273.00000219D8139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
Source: wse.exe, 0000000B.00000002.3407217338.00000219DD070000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3407451037.00000219DD0F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.mozilla.org/APNG_Specification#.60acTL.60:_The_Animation_Control_Chunk
Source: wse.exe, 0000000B.00000002.3407217338.00000219DD070000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3407451037.00000219DD0F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.mozilla.org/APNG_Specification#.60fcTL.60:_The_Frame_Control_Chunk
Source: wse.exe, 0000000B.00000002.3407332742.00000219DD0B0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3407451037.00000219DD0F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.mozilla.org/APNG_Specification#.60fdAT.60:_The_Frame_Data_Chunk
Source: wse.exe, 0000000A.00000003.2219115596.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2399438958.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
Source: wse.exe, 0000000A.00000003.2219267837.000001CE66713000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2219115596.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2399395459.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2399438958.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2399512249.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/
Source: wse.exe, 0000000A.00000003.2217130317.000001CE66713000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397645332.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/)
Source: wse.exe, 0000000A.00000003.2217130317.000001CE6670C000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217556442.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217447836.000001CE66709000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217345644.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/
Source: wse.exe, 0000000A.00000003.2217130317.000001CE6670C000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217556442.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217447836.000001CE66709000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217345644.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/FilePreviews.svg
Source: wse.exe, 0000000A.00000003.2217130317.000001CE6670C000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217556442.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217447836.000001CE66709000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217345644.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/Klaviyo.svg
Source: wse.exe, 0000000A.00000003.2217130317.000001CE6670C000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217556442.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217447836.000001CE66709000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217345644.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/Polar.svg
Source: wse.exe, 0000000A.00000003.2217130317.000001CE6670C000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217556442.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217447836.000001CE66709000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217345644.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/Tidelift.svg
Source: wse.exe, 0000000A.00000003.2217130317.000001CE6670C000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217556442.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217447836.000001CE66709000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217345644.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/Variomedia.svg
Source: wse.exe, 0000000A.00000003.2217130317.000001CE6670C000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217556442.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217447836.000001CE66709000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217345644.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/emsys-renewables.svg
Source: wse.exe, 0000000A.00000003.2217130317.000001CE6670C000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217556442.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217447836.000001CE66709000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217345644.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)).
Source: wse.exe, 0000000A.00000003.2217130317.000001CE66713000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397645332.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/latest/names.html)
Source: wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/changelog.html
Source: wse.exe, 00000012.00000003.2397645332.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/changelog.html)
Source: wse.exe, 0000000A.00000003.2217130317.000001CE66713000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397645332.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/comparison.html#customization)
Source: wse.exe, 0000000A.00000003.2217130317.000001CE66713000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397645332.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/init.html#hooking-yourself-into-initialization)
Source: wse.exe, 0000000A.00000003.2217130317.000001CE66713000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397645332.0000026E5EEB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/why.html#data-classes)
Source: wse.exe, 0000000A.00000003.2217130317.000001CE6670C000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217556442.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217447836.000001CE66709000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217345644.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.emsys-renewables.com/
Source: wse.exe, 0000000B.00000002.3415540670.00007FF891C37000.00000002.00000001.01000000.00000019.sdmp, wse.exe, 0000000B.00000002.3421292207.00007FF8A8A9A000.00000002.00000001.01000000.0000001A.sdmp, wse.exe, 00000013.00000002.3414797851.00007FF88E267000.00000002.00000001.01000000.0000003E.sdmp, wse.exe, 00000013.00000002.3420373393.00007FF890D4A000.00000002.00000001.01000000.0000003F.sdmpString found in binary or memory: https://www.openssl.org/H
Source: wse.exe, 0000000B.00000002.3395474636.00000219DB540000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3395242967.00000219DB4A0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000003.2432118545.000001E9EB71E000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3395711249.000001E9EBFA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/docs/manmaster/man3/X509_VERIFY_PARAM_set_flags.html
Source: wse.exe, 0000000B.00000003.2253111489.00000219DAAD0000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3387593788.00000219DA9DB000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000003.2432118545.000001E9EB71E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/docs/manmaster/man5/
Source: wse.exe, 0000000B.00000002.3397500231.00000219DBB5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: wse.exe, 0000000A.00000003.2217703391.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3382476300.00000219DA3B0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2398081024.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: wse.exe, 0000000B.00000002.3403402448.00000219DC850000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3402909277.000001E9ED270000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0506/
Source: wse.exe, 0000000B.00000002.3381820523.00000219DA290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: wse.exe, 0000000B.00000002.3397500231.00000219DBB5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc2231#section-3
Source: setups.exe, 00000000.00000003.2120670506.0000000004E88000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.2119287643.0000000004E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ssl.com/repository0
Source: wse.exe, 0000000A.00000003.2217130317.000001CE6670C000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217556442.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217181060.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217447836.000001CE66709000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000A.00000003.2217345644.000001CE66708000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397556806.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2397503484.0000026E5EEAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.variomedia.de/

E-Banking Fraud

Source: C:\Program Files (x86)\Secure\Installer\wse.exe Process created: C:\Windows\System32\certutil.exe "C:\Windows\System32\certutil.exe" -addstore root C:\Users\user\AppData\Local\Temp\_MEI76962\.mitmproxy\mitmproxy-ca-cert.pem
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ProxyServer
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76242\.mitmproxy\mitmproxy-ca-cert.p12
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77162\.mitmproxy\mitmproxy-ca-cert.p12
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76242\.mitmproxy\mitmproxy-ca.p12
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe File created: C:\Users\user\AppData\Local\Temp\_MEI77162\.mitmproxy\mitmproxy-ca.p12
Source: C:\Program Files (x86)\Secure\Installer\wse.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76962\.mitmproxy\mitmproxy-ca.p12
Source: C:\Program Files (x86)\Secure\Installer\wse.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76962\.mitmproxy\mitmproxy-ca-cert.p12

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files (x86)\Secure\Installer\wse.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ProxyEnable
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ProxyServer
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_009121C0 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_00778020 GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,NtdllDefWindowProc_W,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_007F4570 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_007787F0 SysFreeString,SysAllocString,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,SysFreeString,SysFreeString
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_00778EA0 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_00782FC0 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_00791040 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_0077B0A0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DestroyWindow
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_00783130 IsWindow,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_0085F3A0 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_0079F3F0 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_0078B650 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DeleteCriticalSection
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_0077B890 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_0077BEF0 NtdllDefWindowProc_W
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Code function: 11_2_00007FF890876F80 NtCancelIoFileEx,RtlNtStatusToDosError
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Code function: 11_2_00007FF890875FF0 AcquireSRWLockExclusive,ReleaseSRWLockExclusive,AcquireSRWLockExclusive,NtCancelIoFileEx,NtDeviceIoControlFile,RtlNtStatusToDosError,AcquireSRWLockExclusive,ReleaseSRWLockExclusive,AcquireSRWLockExclusive,ReleaseSRWLockExclusive,ReleaseSRWLockExclusive,RtlNtStatusToDosError,ReleaseSRWLockExclusive
Source: C:\Program Files (x86)\Secure\Installer\wse.exe File created: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert\windivert_dll\WinDivert32.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3afce4.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFE5B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFEC9.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFF09.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFF38.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFF78.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI303.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI352.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{0A11F234-58BA-4824-8D87-1859270DECCC}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF69.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3afce7.msi
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIFE5B.tmp
Source: Joe Sandbox View | Dropped File: C:\Program Files (x86)\Secure\Installer\wse.exe 8D77A0AF88FAD3A00C61ED8FFD7A685753B516FEFB1F3A7B96860FEC6241897A
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe 8D77A0AF88FAD3A00C61ED8FFD7A685753B516FEFB1F3A7B96860FEC6241897A
Source: setups.exe | Static PE information: invalid certificate
Source: _overlapped.pyd.10.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.10.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.18.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.18.dr | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.18.dr | Static PE information: No import functions for PE file found
Source: python3.dll.10.dr | Static PE information: No import functions for PE file found
Source: setups.exe, 00000000.00000003.2183080184.000000000A39B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamePr vs setups.exe
Source: setups.exe, 00000000.00000002.2209059426.000000000A3A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamePr vs setups.exe
Source: setups.exe, 00000000.00000003.2123935534.00000000091B8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamewininet.dllD vs setups.exe
Source: setups.exe, 00000000.00000002.2207300256.0000000000AF5000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileNameusing python exe.exe4 vs setups.exe
Source: setups.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine | Classification label: mal92.bank.troj.adwa.evad.winEXE@47/412@24/12
Source: C:\Users\user\Desktop\setups.exe | Code function: 0_2_008C8F40 FormatMessageW,GetLastError
Source: C:\Users\user\Desktop\setups.exe | Code function: 0_2_008FDA00 GetDiskFreeSpaceExW
Source: C:\Users\user\Desktop\setups.exe | Code function: 0_2_008D0210 CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,CloseHandle
Source: C:\Users\user\Desktop\setups.exe | Code function: 0_2_009168C0 CoCreateInstance
Source: C:\Users\user\Desktop\setups.exe | Code function: 0_2_0076A660 LoadResource,LockResource,SizeofResource
Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\Secure
Source: C:\Users\user\Desktop\setups.exe | File created: C:\Users\user\AppData\Roaming\Secure
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7616:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7916:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8056:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7840:120:WilError_03
Source: C:\Users\user\Desktop\setups.exe | File created: C:\Users\user\AppData\Local\Temp\shiF7C3.tmp
Source: setups.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\setups.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\setups.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: setups.exe, 00000000.00000003.2119551071.0000000004E6D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM `Property` WHERE `Property` = 'MsiLogging' `;K9
Source: setups.exe | Virustotal: Detection: 44%
Source: setups.exe | ReversingLabs: Detection: 42%
Source: C:\Users\user\Desktop\setups.exe | File read: C:\Users\user\Desktop\setups.exe
Source: unknown | Process created: C:\Users\user\Desktop\setups.exe "C:\Users\user\Desktop\setups.exe"
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 93C04E8712A918E7EA60766412ADE486 C
Source: C:\Users\user\Desktop\setups.exe | Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\Secure\Installer 5\install\using python exe.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\setups.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1737552040 "
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6F99149891529616C10F649CA42C59BC
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\Installer\MSIFF78.tmp "C:\Windows\Installer\MSIFF78.tmp" https://telixsearch.com/thankyou
Source: C:\Windows\Installer\MSIFF78.tmp | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://telixsearch.com/thankyou
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2040,i,16677488193981522078,8808964442902892412,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Program Files (x86)\Secure\Installer\wse.exe "C:\Program Files (x86)\Secure\Installer\wse.exe"
Source: C:\Program Files (x86)\Secure\Installer\wse.exe | Process created: C:\Program Files (x86)\Secure\Installer\wse.exe "C:\Program Files (x86)\Secure\Installer\wse.exe"
Source: C:\Program Files (x86)\Secure\Installer\wse.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Secure\Installer\wse.exe | Process created: C:\Windows\System32\certutil.exe "C:\Windows\System32\certutil.exe" -addstore root C:\Users\user\AppData\Local\Temp\_MEI76962\.mitmproxy\mitmproxy-ca-cert.pem
Source: C:\Windows\System32\certutil.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe | Process created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe | Process created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: msi.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: ieframe.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: version.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: msiso.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: slc.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: sppc.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: twext.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: edputil.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: secur32.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: mlang.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: wininet.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: libffi-7.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: libcrypto-1_1.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: libssl-1_1.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: propsys.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: edputil.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: slc.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: sppc.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: iconcodecservice.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\certutil.exeSection loaded: certcli.dll
Source: C:\Windows\System32\certutil.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\certutil.exeSection loaded: cryptui.dll
Source: C:\Windows\System32\certutil.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\certutil.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\certutil.exeSection loaded: ntdsapi.dll
Source: C:\Windows\System32\certutil.exeSection loaded: version.dll
Source: C:\Windows\System32\certutil.exeSection loaded: secur32.dll
Source: C:\Windows\System32\certutil.exeSection loaded: certca.dll
Source: C:\Windows\System32\certutil.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\certutil.exeSection loaded: samcli.dll
Source: C:\Windows\System32\certutil.exeSection loaded: logoncli.dll
Source: C:\Windows\System32\certutil.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\certutil.exeSection loaded: netutils.dll
Source: C:\Windows\System32\certutil.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\certutil.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\certutil.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\certutil.exeSection loaded: profapi.dll
Source: C:\Windows\System32\certutil.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\certutil.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\certutil.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libffi-7.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libcrypto-1_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libssl-1_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: iconcodecservice.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libffi-7.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libcrypto-1_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libssl-1_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libcrypto-1_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: iconcodecservice.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\setups.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Google Drive.lnk.7.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.7.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.7.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.7.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.7.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.7.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: setups.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: setups.exe | Static file information: File size 26457696 > 1048576
Source: setups.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2c7c00
Source: setups.exe | Static PE information: More than 200 imports for KERNEL32.dll
Source: setups.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: setups.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: setups.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: setups.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: setups.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: setups.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: setups.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: setups.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: wse.exe, 0000000B.00000002.3417032163.00007FF89233D000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: wininet.pdb source: setups.exe, 00000000.00000003.2123935534.00000000091B8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: wse.exe, 0000000B.00000002.3417531454.00007FF892475000.00000002.00000001.01000000.00000023.sdmp, wse.exe, 00000013.00000002.3420748729.00007FF891F05000.00000002.00000001.01000000.00000048.sdmp
Source: Binary string: signToolcAToolsignToolCertcAToolCertISSUER_SIGN_TOOLv2i_issuer_sign_toolcrypto\x509\v3_ist.ci2r_issuer_sign_tool%*ssignTool : %*scATool : %*ssignToolCert: %*scAToolCert : compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: PKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excrypto\bio\bio_sock.cBIO_sock_initcalling wsastartup()BIO_socket_ioctlcalling ioctlsocket()i2d_ASN1_bio_streamcrypto\asn1\asn_mime.cB64_write_ASN1-----BEGIN %s----- source: wse.exe, 0000000B.00000002.3410894586.00007FF88FCE8000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbE source: MSIFF78.tmp, 00000006.00000002.2149800260.0000000000D30000.00000002.00000001.01000000.00000008.sdmp, MSIFF78.tmp, 00000006.00000000.2144382949.0000000000D30000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: wse.exe, 0000000A.00000003.2215080547.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3424408211.00007FF8B78BD000.00000002.00000001.01000000.00000012.sdmp, wse.exe, 00000012.00000003.2393111451.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: wse.exe, 0000000B.00000002.3430079326.00007FF8B8F74000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\cryptography\cryptography\cryptography-38.0.4\src\rust\target\release\deps\cryptography_rust.pdb source: wse.exe, 0000000B.00000002.3418492822.00007FF897789000.00000002.00000001.01000000.0000001E.sdmp, wse.exe, 00000013.00000002.3412796850.00007FF88DEC9000.00000002.00000001.01000000.00000043.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: wse.exe, 0000000A.00000003.2216867432.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3428735250.00007FF8B8AF3000.00000002.00000001.01000000.0000001D.sdmp, wse.exe, 00000012.00000003.2396965112.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: wse.exe, 0000000B.00000002.3417531454.00007FF892475000.00000002.00000001.01000000.00000023.sdmp, wse.exe, 00000013.00000002.3420748729.00007FF891F05000.00000002.00000001.01000000.00000048.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: wse.exe, 0000000A.00000003.2215591352.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3429259572.00007FF8B8C16000.00000002.00000001.01000000.0000001C.sdmp, wse.exe, 00000012.00000003.2393712496.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3423795241.00007FF8B8266000.00000002.00000001.01000000.00000041.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: wse.exe, 0000000B.00000002.3421054358.00007FF8A8A65000.00000002.00000001.01000000.0000001A.sdmp, wse.exe, 00000013.00000002.3420153848.00007FF890D15000.00000002.00000001.01000000.0000003F.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: wse.exe, 0000000A.00000003.2208795654.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3425917912.00007FF8B7E0E000.00000002.00000001.01000000.00000011.sdmp, wse.exe, 00000012.00000003.2389740328.0000026E5EEA4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wse.exe, 0000000A.00000003.2207879018.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3428216429.00007FF8B8835000.00000002.00000001.01000000.00000024.sdmp, wse.exe, 00000012.00000003.2388242139.0000026E5EEA3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: wse.exe, 0000000A.00000003.2215431066.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2393513163.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: wse.exe, 0000000B.00000002.3410894586.00007FF88FCE8000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wse.exe, 0000000B.00000002.3414759693.00007FF891B3F000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: wse.exe, 0000000A.00000003.2215821567.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3429745405.00007FF8B8CB3000.00000002.00000001.01000000.00000016.sdmp, wse.exe, 00000012.00000003.2394028703.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3425233097.00007FF8B82C3000.00000002.00000001.01000000.0000003B.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: wse.exe, 0000000B.00000002.3423158078.00007FF8B603D000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: wse.exe, 0000000A.00000003.2214933935.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3422682767.00007FF8B5727000.00000002.00000001.01000000.0000001F.sdmp, wse.exe, 00000012.00000003.2392659319.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3422031142.00007FF8B5707000.00000002.00000001.01000000.00000044.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: wse.exe, 0000000A.00000003.2215080547.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3424408211.00007FF8B78BD000.00000002.00000001.01000000.00000012.sdmp, wse.exe, 00000012.00000003.2393111451.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setups.exe, 00000000.00000000.2112060146.0000000000A29000.00000002.00000001.01000000.00000003.sdmp, setups.exe, 00000000.00000002.2207072685.0000000000A29000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: wse.exe, 0000000B.00000002.3414759693.00007FF891B3F000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wse.exe, 0000000A.00000003.2207561297.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3427292257.00007FF8B7E61000.00000002.00000001.01000000.0000000D.sdmp, wse.exe, 00000012.00000003.2388015883.0000026E5EEA3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: wse.exe, 0000000B.00000002.3426708825.00007FF8B7E31000.00000002.00000001.01000000.0000000F.sdmp, wse.exe, 00000013.00000002.3429082787.00007FF8B9121000.00000002.00000001.01000000.00000034.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: wse.exe, 0000000B.00000002.3421054358.00007FF8A8A65000.00000002.00000001.01000000.0000001A.sdmp, wse.exe, 00000013.00000002.3420153848.00007FF890D15000.00000002.00000001.01000000.0000003F.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: wse.exe, 0000000B.00000002.3424055775.00007FF8B7835000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: wse.exe, 0000000A.00000003.2216287484.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3424931878.00007FF8B7DE9000.00000002.00000001.01000000.00000013.sdmp, wse.exe, 00000012.00000003.2394905173.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: wse.exe, 0000000B.00000002.3430947978.00007FF8BA4F2000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: wininet.pdbUGP source: setups.exe, 00000000.00000003.2123935534.00000000091B8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: wse.exe, 0000000B.00000002.3417032163.00007FF89233D000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: wse.exe, 0000000A.00000003.2208040971.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000002.3423677345.00007FF8B77F7000.00000002.00000001.01000000.0000001B.sdmp, wse.exe, 00000012.00000003.2388411084.0000026E5EEA3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000013.00000002.3424126339.00007FF8B8277000.00000002.00000001.01000000.00000040.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: wse.exe, 0000000B.00000002.3411508850.00007FF89079C000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: wse.exe, 0000000B.00000002.3419111256.00007FF897B13000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\a\mitmproxy_wireguard\mitmproxy_wireguard\target\release\deps\mitmproxy_wireguard.pdb source: wse.exe, 0000000B.00000002.3412715280.00007FF890909000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: MSIFF78.tmp, 00000006.00000002.2149800260.0000000000D30000.00000002.00000001.01000000.00000008.sdmp, MSIFF78.tmp, 00000006.00000000.2144382949.0000000000D30000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: wse.exe, 0000000B.00000002.3414759693.00007FF891BC1000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: challengeNETSCAPE_SPKACspkacsig_algorcrypto\bn\bn_exp.cBN_mod_exp_recpBN_mod_exp_mont_wordX509V3_EXT_nconf_intcrypto\x509\v3_conf.csection=%s, name=%s, value=%sdo_ext_nconfname=%s,section=%sdo_ext_i2dX509V3_EXT_i2dcritical,DER:ASN1:v3_generic_extensionvalue=%sX509V3_get_sectioncrypto\x509\v3_lib.cX509V3_add1_i2dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.0.7built on: Fri Nov 25 00:13:15 2022 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot available source: wse.exe, 0000000B.00000002.3410894586.00007FF88FCE8000.00000002.00000001.01000000.00000020.sdmp
Source: setups.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: setups.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: setups.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: setups.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: setups.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: shiF7C3.tmp.0.dr | Static PE information: 0xC7FEC470 [Wed Apr 29 05:06:56 2076 UTC]
Source: C:\Users\user\Desktop\setups.exe | Code function: 0_2_008DC730 SHGetFolderPathW,GetSystemDirectoryW,GetWindowsDirectoryW,GetWindowsDirectoryW,GetModuleFileNameW,SHGetSpecialFolderLocation,LoadLibraryW,GetProcAddress,GetEnvironmentVariableW,SHGetPathFromIDListW,SHGetMalloc, 0_2_008DC730
Source: setups.exe | Static PE information: section name: .didat
Source: setups.exe | Static PE information: section name: .fptable
Source: shiF7C3.tmp.0.dr | Static PE information: section name: .wpp_sf
Source: shiF7C3.tmp.0.dr | Static PE information: section name: .didat
Source: MSIF860.tmp.0.dr | Static PE information: section name: .fptable
Source: MSIF8DE.tmp.0.dr | Static PE information: section name: .fptable
Source: MSIF95C.tmp.0.dr | Static PE information: section name: .fptable
Source: preF98C.tmp.0.dr | Static PE information: section name: .didat
Source: preF98C.tmp.0.dr | Static PE information: section name: .fptable
Source: MSIFE5B.tmp.2.dr | Static PE information: section name: .fptable
Source: MSIFEC9.tmp.2.dr | Static PE information: section name: .fptable
Source: MSIFF09.tmp.2.dr | Static PE information: section name: .fptable
Source: MSIFF38.tmp.2.dr | Static PE information: section name: .fptable
Source: MSIFF78.tmp.2.dr | Static PE information: section name: .fptable
Source: MSI303.tmp.2.dr | Static PE information: section name: .fptable
Source: MSI352.tmp.2.dr | Static PE information: section name: .didat
Source: MSI352.tmp.2.dr | Static PE information: section name: .fptable
Source: libcrypto-1_1.dll.10.dr | Static PE information: section name: .00cfg
Source: libssl-1_1.dll.10.dr | Static PE information: section name: .00cfg
Source: VCRUNTIME140.dll.10.dr | Static PE information: section name: _RDATA
Source: _imagingft.cp39-win_amd64.pyd.10.dr | Static PE information: section name: _RDATA
Source: VCRUNTIME140.dll.18.dr | Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.18.dr | Static PE information: section name: .00cfg
Source: libssl-1_1.dll.18.dr | Static PE information: section name: .00cfg
Source: _imagingft.cp39-win_amd64.pyd.18.dr | Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\setups.exe | Code function: 0_2_008A2710 push ecx; mov dword ptr [esp], 3F800000h 0_2_008A286C
Source: C:\Users\user\Desktop\setups.exe | Code function: 0_2_007A2F7B push 8BFFFFFEh; iretd 0_2_007A2F8C
Source: C:\Users\user\Desktop\setups.exe | Code function: 0_2_0099389A push ecx; ret 0_2_009938AD
Source: C:\Users\user\Desktop\setups.exe | Code function: 0_2_0077FDE0 push ecx; mov dword ptr [esp], ecx 0_2_0077FDE1
Source: C:\Windows\Installer\MSIFF78.tmp | Code function: 6_2_00D0A459 push ecx; ret 6_2_00D0A46C
Source: C:\Program Files (x86)\Secure\Installer\wse.exe | Code function: 11_2_00007FF8907C55C2 push r8; ret 11_2_00007FF8907C55C4

Persistence and Installation Behavior

Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSIFF78.tmpJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: "C:\Program Files (x86)\Secure\Installer\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Windows\System32\certutil.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\67E19D9AC30690B9C486E84843F8283822E54FA4 Blob
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert\windivert_dll\WinDivert32.sysJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert\windivert_dll\WinDivert64.sysJump to behavior
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\pydivert\windivert_dll\WinDivert32.sys
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\pydivert\windivert_dll\WinDivert64.sys
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\pydivert\windivert_dll\WinDivert32.sys
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\pydivert\windivert_dll\WinDivert64.sys
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Secure\Installer\wse.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\PIL\_imagingmath.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\PIL\_imagingcms.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\PIL\_webp.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\tornado\speedups.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\pydivert\windivert_dll\WinDivert64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFF78.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\python39.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\zstandard\_cffi.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\python39.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\tornado\speedups.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\libcrypto-1_1.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_imagingcms.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_lzma.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_ssl.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\unicodedata.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\unicodedata.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\unicodedata.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFEC9.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFF09.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\PIL\_imaging.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\python3.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\PIL\_imagingtk.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\PIL\_imaging.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\python39.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_ruamel_yaml.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\libffi-7.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\PIL\_imagingmath.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\zstandard\backend_c.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_asyncio.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\pydivert\windivert_dll\WinDivert64.sysJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_queue.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_uuid.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_bz2.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\libffi-7.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\charset_normalizer\md__mypyc.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\zstandard\_cffi.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\mitmproxy_wireguard\mitmproxy_wireguard.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_hashlib.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_hashlib.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_ctypes.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_overlapped.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_webp.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_asyncio.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\PIL\_imagingft.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\MSVCP140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\PIL\_webp.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\charset_normalizer\md.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\setups.exeFile created: C:\Users\user\AppData\Local\Temp\preF98C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\pydivert\windivert_dll\WinDivert32.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI352.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\setups.exeFile created: C:\Users\user\AppData\Local\Temp\MSIF8DE.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_uuid.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\PIL\_imagingft.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\mitmproxy_wireguard\mitmproxy_wireguard.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\zstandard\backend_c.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\tornado\speedups.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_elementtree.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\charset_normalizer\md.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\libffi-7.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\select.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI303.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_elementtree.pydJump to dropped file
Source: C:\Users\user\Desktop\setups.exeFile created: C:\Users\user\AppData\Local\Temp\MSIF95C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_bz2.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\mitmproxy_wireguard\mitmproxy_wireguard.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\python3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_decimal.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\charset_normalizer\md__mypyc.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_brotli.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_overlapped.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_brotli.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\pyexpat.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_multiprocessing.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_imagingtk.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\markupsafe\_speedups.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\pyexpat.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\VCRUNTIME140.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_elementtree.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_imagingft.cp39-win_amd64.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFE5B.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\charset_normalizer\md__mypyc.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\zstandard\backend_c.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert\windivert_dll\WinDivert32.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_brotli.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\setups.exeFile created: C:\Users\user\AppData\Local\Temp\shiF7C3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_ctypes.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\msgpack\_cmsgpack.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\pydivert\windivert_dll\WinDivert32.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_ssl.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_cffi_backend.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\charset_normalizer\md.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_overlapped.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\markupsafe\_speedups.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\PIL\_imagingcms.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_ruamel_yaml.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert\windivert_dll\WinDivert32.sysJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_cffi_backend.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert\windivert_dll\WinDivert64.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\MSVCP140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\pydivert\windivert_dll\WinDivert32.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\libssl-1_1.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_imagingmath.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\PIL\_imagingtk.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_cffi_backend.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\select.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_decimal.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\select.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\MSVCP140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert\windivert_dll\WinDivert64.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\pydivert\windivert_dll\WinDivert32.sysJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\msgpack\_cmsgpack.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\python3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_asyncio.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_hashlib.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\pyexpat.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\zstandard\_cffi.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\pydivert\windivert_dll\WinDivert64.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFF38.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_ruamel_yaml.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\setups.exeFile created: C:\Users\user\AppData\Local\Temp\MSIF860.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\markupsafe\_speedups.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\_ctypes.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\pydivert\windivert_dll\WinDivert64.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\msgpack\_cmsgpack.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_bz2.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_uuid.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_imaging.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\_ssl.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\_decimal.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\MarkupSafe-3.0.2.dist-info\LICENSE.txtJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\itsdangerous-2.2.0.dist-info\LICENSE.txtJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76962\werkzeug-3.1.3.dist-info\LICENSE.txtJump to behavior
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\MarkupSafe-3.0.2.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\itsdangerous-2.2.0.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI76242\werkzeug-3.1.3.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\MarkupSafe-3.0.2.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\itsdangerous-2.2.0.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77162\werkzeug-3.1.3.dist-info\LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WSE_DriverJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 10_2_00007FF77AE45820 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,10_2_00007FF77AE45820
Source: C:\Users\user\Desktop\setups.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\743AF0529BD032A0F44A83CDD4BAA97B7C2EC49A BlobJump to behavior
Source: C:\Users\user\Desktop\setups.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\MSIFF78.tmp Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Code function: 11_2_00007FF88FA31020 rdtsc 11_2_00007FF88FA31020
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Window / User API: threadDelayed 1169
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Window / User API: threadDelayed 8818
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Window / User API: threadDelayed 6219
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Window / User API: threadDelayed 3779
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Window / User API: threadDelayed 9890
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\cryptography\hazmat\bindings\_openssl.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\PIL\_imagingmath.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\PIL\_imagingcms.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\PIL\_webp.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\tornado\speedups.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat\bindings\_openssl.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\pydivert\windivert_dll\WinDivert64.dll
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\python39.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\zstandard\_cffi.cp39-win_amd64.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_lzma.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\python39.dll
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\tornado\speedups.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_socket.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_queue.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_imagingcms.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_lzma.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\unicodedata.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_ssl.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\unicodedata.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\unicodedata.pyd
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFEC9.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFF09.tmp
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\PIL\_imaging.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\python3.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\PIL\_imagingtk.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\PIL\_imaging.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\python39.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_ruamel_yaml.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\PIL\_imagingmath.cp39-win_amd64.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\zstandard\backend_c.cp39-win_amd64.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_asyncio.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\pydivert\windivert_dll\WinDivert64.sys
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_queue.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_uuid.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_bz2.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\charset_normalizer\md__mypyc.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_lzma.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\zstandard\_cffi.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\mitmproxy_wireguard\mitmproxy_wireguard.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_hashlib.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_hashlib.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_ctypes.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_overlapped.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_webp.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_asyncio.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\PIL\_imagingft.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_multiprocessing.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\charset_normalizer\md.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\PIL\_webp.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\pydivert\windivert_dll\WinDivert32.sys
Source: C:\Users\user\Desktop\setups.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\preF98C.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI352.tmp
Source: C:\Users\user\Desktop\setups.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIF8DE.tmp
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_uuid.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\PIL\_imagingft.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\mitmproxy_wireguard\mitmproxy_wireguard.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\zstandard\backend_c.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\tornado\speedups.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_socket.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_multiprocessing.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_elementtree.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\charset_normalizer\md.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\select.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\cryptography\hazmat\bindings\_openssl.pyd
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI303.tmp
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_elementtree.pyd
Source: C:\Users\user\Desktop\setups.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIF95C.tmp
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_bz2.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_queue.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\mitmproxy_wireguard\mitmproxy_wireguard.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\python3.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_decimal.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\charset_normalizer\md__mypyc.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_brotli.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_overlapped.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_brotli.cp39-win_amd64.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\pyexpat.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_multiprocessing.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_imagingtk.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\markupsafe\_speedups.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\pyexpat.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_elementtree.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_imagingft.cp39-win_amd64.pyd
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFE5B.tmp
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\charset_normalizer\md__mypyc.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\zstandard\backend_c.cp39-win_amd64.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert\windivert_dll\WinDivert32.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_brotli.cp39-win_amd64.pyd
Source: C:\Users\user\Desktop\setups.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiF7C3.tmp
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_ctypes.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\msgpack\_cmsgpack.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_ssl.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\pydivert\windivert_dll\WinDivert32.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_cffi_backend.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\charset_normalizer\md.cp39-win_amd64.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\markupsafe\_speedups.cp39-win_amd64.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_overlapped.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\PIL\_imagingcms.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_ruamel_yaml.cp39-win_amd64.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert\windivert_dll\WinDivert32.sys
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_cffi_backend.cp39-win_amd64.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert\windivert_dll\WinDivert64.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\pydivert\windivert_dll\WinDivert32.dll
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_imagingmath.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\PIL\_imagingtk.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_cffi_backend.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\select.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_decimal.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\select.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert\windivert_dll\WinDivert64.sys
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\pydivert\windivert_dll\WinDivert32.sys
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_socket.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\msgpack\_cmsgpack.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_asyncio.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\python3.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_hashlib.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\pyexpat.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\zstandard\_cffi.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\pydivert\windivert_dll\WinDivert64.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFF38.tmp
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_ruamel_yaml.cp39-win_amd64.pyd
Source: C:\Users\user\Desktop\setups.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIF860.tmp
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\markupsafe\_speedups.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\_ctypes.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\pydivert\windivert_dll\WinDivert64.sys
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77162\msgpack\_cmsgpack.cp39-win_amd64.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_bz2.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_uuid.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_imaging.cp39-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76242\_ssl.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI76962\_decimal.pyd
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\setups.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-68704
Source: C:\Windows\Installer\MSIFF78.tmp API coverage: 3.2 %
Source: C:\Program Files (x86)\Secure\Installer\wse.exe API coverage: 0.7 %
Source: C:\Program Files (x86)\Secure\Installer\wse.exe TID: 8064 Thread sleep count: 1169 > 30
Source: C:\Program Files (x86)\Secure\Installer\wse.exe TID: 8064 Thread sleep time: -1169000s >= -30000s
Source: C:\Program Files (x86)\Secure\Installer\wse.exe TID: 8064 Thread sleep count: 8818 > 30
Source: C:\Program Files (x86)\Secure\Installer\wse.exe TID: 8064 Thread sleep time: -8818000s >= -30000s
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe TID: 4756 Thread sleep count: 6219 > 30
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe TID: 4756 Thread sleep time: -6219000s >= -30000s
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe TID: 4756 Thread sleep count: 3779 > 30
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe TID: 4756 Thread sleep time: -3779000s >= -30000s
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe TID: 7916 Thread sleep count: 9890 > 30
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe TID: 7916 Thread sleep time: -9890000s >= -30000s
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe TID: 7916 Thread sleep count: 107 > 30
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe TID: 7916 Thread sleep time: -107000s >= -30000s
Source: C:\Program Files (x86)\Secure\Installer\wse.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\setups.exeFile Volume queried: C:\Users\user\AppData\Roaming FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeFile Volume queried: C:\Users\user\AppData\Roaming\Secure\Installer 5\install FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008C5BA0 FindFirstFileW,GetLastError,FindClose,0_2_008C5BA0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008FC5B0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,0_2_008FC5B0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008D4840 FindFirstFileW,FindClose,FindClose,0_2_008D4840
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008FCA30 FindFirstFileW,FindClose,0_2_008FCA30
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008C5270 FindFirstFileW,FindFirstFileW,FindClose,FindClose,0_2_008C5270
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007854C0 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,0_2_007854C0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008A77A0 FindFirstFileW,FindNextFileW,FindClose,0_2_008A77A0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008F1E30 FindFirstFileW,FindClose,CloseHandle,CloseHandle,0_2_008F1E30
Source: C:\Windows\Installer\MSIFF78.tmpCode function: 6_2_00D21CA0 FindFirstFileExW,6_2_00D21CA0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 10_2_00007FF77AE492F0 FindFirstFileExW,FindClose,10_2_00007FF77AE492F0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 10_2_00007FF77AE483B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,10_2_00007FF77AE483B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 10_2_00007FF77AE618E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,10_2_00007FF77AE618E4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF77AE492F0 FindFirstFileExW,FindClose,11_2_00007FF77AE492F0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF77AE483B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,11_2_00007FF77AE483B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF77AE618E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,11_2_00007FF77AE618E4
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007A4BB0 GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLastError,0_2_007A4BB0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0098F573 VirtualQuery,GetSystemInfo,0_2_0098F573
Source: wse.exe, 0000000A.00000003.2218030604.000001CE66705000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000012.00000003.2398410844.0000026E5EEA5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: wse.exe, 00000013.00000002.3382710977.000001E9EAF95000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @author: David Shaw, shawd@vmware.com
Source: wse.exe, 0000000B.00000002.3381440072.00000219DA190000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.2246047091.00000219DA1C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWjP/A%SystemRoot%\system32\mswsock.dll
Source: wse.exe, 0000000B.00000003.2246047091.00000219DA1C0000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.2245297133.00000219DA265000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF88FA313B011_2_00007FF88FA313B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF88FA3135011_2_00007FF88FA31350
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF8918F424111_2_00007FF8918F4241
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF8918F572C11_2_00007FF8918F572C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF88FA31020 rdtsc 11_2_00007FF88FA31020
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_009981B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009981B3
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008BF290 CreateFileW,GetLastError,OutputDebugStringW,OutputDebugStringW,SetFilePointer,OutputDebugStringW,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,0_2_008BF290
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008DC730 SHGetFolderPathW,GetSystemDirectoryW,GetWindowsDirectoryW,GetWindowsDirectoryW,GetModuleFileNameW,SHGetSpecialFolderLocation,LoadLibraryW,GetProcAddress,GetEnvironmentVariableW,SHGetPathFromIDListW,SHGetMalloc,0_2_008DC730
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0099294E mov esi, dword ptr fs:[00000030h]0_2_0099294E
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_009929BA GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,0_2_009929BA
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Secure\Installer\wse.exe "C:\Program Files (x86)\Secure\Installer\wse.exe"Jump to behavior
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007A4B60 __set_se_translator,SetUnhandledExceptionFilter,0_2_007A4B60
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_009981B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009981B3
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0099343E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0099343E
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007B1A50 __set_se_translator,SetUnhandledExceptionFilter,0_2_007B1A50
Source: C:\Windows\Installer\MSIFF78.tmpCode function: 6_2_00D0E67B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00D0E67B
Source: C:\Windows\Installer\MSIFF78.tmpCode function: 6_2_00D0A631 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00D0A631
Source: C:\Windows\Installer\MSIFF78.tmpCode function: 6_2_00D0A7C5 SetUnhandledExceptionFilter,6_2_00D0A7C5
Source: C:\Windows\Installer\MSIFF78.tmpCode function: 6_2_00D09C9D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00D09C9D
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 10_2_00007FF77AE4D37C SetUnhandledExceptionFilter,10_2_00007FF77AE4D37C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 10_2_00007FF77AE4D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF77AE4D19C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 10_2_00007FF77AE4C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00007FF77AE4C910
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 10_2_00007FF77AE5A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF77AE5A684
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF77AE4D37C SetUnhandledExceptionFilter,11_2_00007FF77AE4D37C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF77AE4D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF77AE4D19C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF77AE4C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00007FF77AE4C910
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF77AE5A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF77AE5A684
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF890693568 SetUnhandledExceptionFilter,11_2_00007FF890693568
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF890692A04 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00007FF890692A04
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF890693380 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF890693380
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF890D51AD8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF890D51AD8
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF890D51090 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00007FF890D51090
Source: C:\Windows\Installer\MSIFF78.tmpCode function: 6_2_00CE7B10 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,GetProcessId,AllowSetForegroundWindow,GetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,AttachThreadInput,Sleep,GetProcessId,Sleep,EnumWindows,BringWindowToTop,WaitForSingleObject,GetExitCodeProcess,6_2_00CE7B10
Source: C:\Windows\Installer\MSIFF78.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://telixsearch.com/thankyouJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Program Files (x86)\Secure\Installer\wse.exe "C:\Program Files (x86)\Secure\Installer\wse.exe"Jump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Windows\System32\certutil.exe "C:\Windows\System32\certutil.exe" -addstore root C:\Users\user\AppData\Local\Temp\_MEI76962\.mitmproxy\mitmproxy-ca-cert.pemJump to behavior
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\setups.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\secure\installer 5\install\using python exe.msi" ai_setupexepath=c:\users\user\desktop\setups.exe setupexedir=c:\users\user\desktop\ exe_cmd_line="/exenoupdates /forcecleanup /wintime 1737552040 "
Source: C:\Users\user\Desktop\setups.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\secure\installer 5\install\using python exe.msi" ai_setupexepath=c:\users\user\desktop\setups.exe setupexedir=c:\users\user\desktop\ exe_cmd_line="/exenoupdates /forcecleanup /wintime 1737552040 " Jump to behavior
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008C0490 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,GetLastError,CloseHandle,0_2_008C0490
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 10_2_00007FF77AE695E0 cpuid 10_2_00007FF77AE695E0
Source: C:\Users\user\Desktop\setups.exeCode function: GetLocaleInfoW,0_2_009B61C0
Source: C:\Users\user\Desktop\setups.exeCode function: EnumSystemLocalesW,0_2_009B62AE
Source: C:\Users\user\Desktop\setups.exeCode function: GetLocaleInfoW,GetLocaleInfoW,0_2_008F4220
Source: C:\Users\user\Desktop\setups.exeCode function: EnumSystemLocalesW,0_2_009B6263
Source: C:\Users\user\Desktop\setups.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_009B63E0
Source: C:\Users\user\Desktop\setups.exeCode function: EnumSystemLocalesW,0_2_009B6349
Source: C:\Users\user\Desktop\setups.exeCode function: GetLocaleInfoW,0_2_009B6640
Source: C:\Users\user\Desktop\setups.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_009B6765
Source: C:\Users\user\Desktop\setups.exeCode function: GetLocaleInfoW,0_2_009B686B
Source: C:\Users\user\Desktop\setups.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_009B6947
Source: C:\Users\user\Desktop\setups.exeCode function: EnumSystemLocalesW,0_2_009AD692
Source: C:\Users\user\Desktop\setups.exeCode function: GetLocaleInfoW,0_2_009ADC0F
Source: C:\Users\user\Desktop\setups.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_009B5FA4
Source: C:\Windows\Installer\MSIFF78.tmpCode function: GetLocaleInfoW,6_2_00D251F0
Source: C:\Windows\Installer\MSIFF78.tmpCode function: EnumSystemLocalesW,6_2_00D1F222
Source: C:\Windows\Installer\MSIFF78.tmpCode function: GetLocaleInfoEx,6_2_00D093DC
Source: C:\Windows\Installer\MSIFF78.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_00D25315
Source: C:\Windows\Installer\MSIFF78.tmpCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_00D254F7
Source: C:\Windows\Installer\MSIFF78.tmpCode function: GetLocaleInfoW,6_2_00D2541B
Source: C:\Windows\Installer\MSIFF78.tmpCode function: GetLocaleInfoW,6_2_00D1F750
Source: C:\Windows\Installer\MSIFF78.tmpCode function: GetLocaleInfoEx,FormatMessageA,6_2_00CF2A11
Source: C:\Windows\Installer\MSIFF78.tmpCode function: GetACP,IsValidCodePage,GetLocaleInfoW,6_2_00D24B54
Source: C:\Windows\Installer\MSIFF78.tmpCode function: EnumSystemLocalesW,6_2_00D24EF9
Source: C:\Windows\Installer\MSIFF78.tmpCode function: EnumSystemLocalesW,6_2_00D24E5E
Source: C:\Windows\Installer\MSIFF78.tmpCode function: EnumSystemLocalesW,6_2_00D24E13
Source: C:\Windows\Installer\MSIFF78.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_00D24F90
Source: C:\Users\user\Desktop\setups.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\.mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\MarkupSafe-3.0.2.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\attrs-24.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\h2-4.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\importlib_metadata-8.5.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\itsdangerous-2.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\mitmproxy\addons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\mitmproxy\addons\onboardingapp VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\mitmproxy\addons\onboardingapp\static\images VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\mitmproxy\addons\onboardingapp\templates VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\mitmproxy\addons\onboardingapp\templates\icons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\publicsuffix2 VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\pydivert\windivert_dll VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\setuptools-58.1.0.dist-info VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\werkzeug-3.1.3.dist-info VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\zstandard VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\base_library.zip VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962 VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\_ctypes.pyd VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\_bz2.pyd VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\_lzma.pyd VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\.mitmproxy VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\attrs-24.3.0.dist-info VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\certifi VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\libffi-7.dll VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\MSVCP140.dll VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\_ruamel_yaml.cp39-win_amd64.pyd VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\_socket.pyd VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\select.pyd VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\pyexpat.pyd VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\base_library.zip VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\_queue.pyd VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\attrs-24.3.0.dist-info VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\h2-4.1.0.dist-info VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\werkzeug-3.1.3.dist-info VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\setuptools-58.1.0.dist-info VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\MarkupSafe-3.0.2.dist-info VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\itsdangerous-2.2.0.dist-info VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography-38.0.4.dist-info VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\importlib_metadata-8.5.0.dist-info VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\PIL\_imaging.cp39-win_amd64.pyd VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\_ssl.pyd VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\_asyncio.pyd VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\_overlapped.pyd VolumeInformation
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\_uuid.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat\bindings\_rust.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI76962\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_0090B4E0 CreateNamedPipeW,CreateFileW,0_2_0090B4E0
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_0099405E GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0099405E
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_00909E60 GetUserNameW,GetLastError,GetUserNameW,GetEnvironmentVariableW,GetEnvironmentVariableW,RegDeleteValueW,RegCloseKey,RegQueryInfoKeyW,RegCloseKey,RegCloseKey,RegDeleteKeyW,RegCloseKey,RegDeleteValueW,RegCloseKey,0_2_00909E60
Source: C:\Windows\Installer\MSIFF78.tmp Code function: 6_2_00D1FBE4 GetTimeZoneInformation,6_2_00D1FBE4
Source: C:\Users\user\Desktop\setups.exe Code function: 0_2_00767A00 GetVersionExW,GetVersionExW,IsProcessorFeaturePresent,0_2_00767A00
Source: C:\Users\user\Desktop\setups.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\setups.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\743AF0529BD032A0F44A83CDD4BAA97B7C2EC49A Blob
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains
  • Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools
  • Execution: 2 Native API; 1 Command and Scripting Interpreter; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript
  • Persistence: 1 DLL Side-Loading; 1 Windows Service; 11 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd
  • Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Windows Service; 12 Process Injection; 11 Registry Run Keys / Startup Folder; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd
  • Defense Evasion: 2 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 2 Install Root Certificate; 1 Timestomp; 1 DLL Side-Loading; 1 File Deletion; 122 Masquerading; 1 Modify Registry; 1 Virtualization/Sandbox Evasion; 12 Process Injection
  • Credential Access: 1 Network Sniffing; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture
  • Discovery: 2 System Time Discovery; 11 Peripheral Device Discovery; 1 Account Discovery; 3 File and Directory Discovery; 1 Network Sniffing; 37 System Information Discovery; 141 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools
  • Collection: 1 Archive Collected Data; 2 Browser Session Hijacking; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging
  • Command and Control: 3 Ingress Tool Transfer; 21 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption
[Behavior graph: ID 1596772, Sample: setups.exe, Startdate: 22/01/2025, Architecture: WINDOWS, Score: 92]

This section contains all screenshots as thumbnails, including those not shown in the slideshow.