Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
setups.exe

Overview

General Information

Sample name:setups.exe
Analysis ID:1596772
MD5:65dfdbfed14a0303a91f042083c72255
SHA1:257cd07968ea21cbba0f046cd348213d3a9004b6
SHA256:95ce6a254a608c064f7a36a703f28e7a22043d0b88526b2d4253cd17574bb950
Tags:exeuser-aachum
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Drops executables to the windows directory (C:\Windows) and starts them
Enables a proxy for the internet explorer
Found pyInstaller with non standard icon
Installs new ROOT certificates
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Potentially malicious time measurement code found
Registers a new ROOT certificate
Sample is not signed and drops a device driver
Sets a proxy for the internet explorer
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Detected suspicious crossdomain redirect
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • setups.exe (PID: 4464 cmdline: "C:\Users\user\Desktop\setups.exe" MD5: 65DFDBFED14A0303A91F042083C72255)
    • msiexec.exe (PID: 5236 cmdline: "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\Secure\Installer 5\install\using python exe.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\setups.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1737552950 " MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 5876 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 3364 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6F02A3AA79145ED665DA8A00CBEE4BBB C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 5604 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 4411FD9037671958950F8C5C5D45F5D3 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSI1F5A.tmp (PID: 6784 cmdline: "C:\Windows\Installer\MSI1F5A.tmp" https://telixsearch.com/thankyou MD5: FDBC1876C1B3E7CA3CE9FA8EA00EC94F)
      • chrome.exe (PID: 7268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://telixsearch.com/thankyou MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 7496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1896,i,14492340572804942828,11628157591585830071,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • wse.exe (PID: 7236 cmdline: "C:\Program Files (x86)\Secure\Installer\wse.exe" MD5: 0599366E3B2D5D2BE0799CBBB6D1953B)
      • wse.exe (PID: 8136 cmdline: "C:\Program Files (x86)\Secure\Installer\wse.exe" MD5: 0599366E3B2D5D2BE0799CBBB6D1953B)
        • cmd.exe (PID: 8156 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • certutil.exe (PID: 2920 cmdline: "C:\Windows\System32\certutil.exe" -addstore root C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy\mitmproxy-ca-cert.pem MD5: F17616EC0522FC5633151F7CAA278CAA)
          • conhost.exe (PID: 5848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • wse.exe (PID: 5232 cmdline: "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe" MD5: 0599366E3B2D5D2BE0799CBBB6D1953B)
    • wse.exe (PID: 2212 cmdline: "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe" MD5: 0599366E3B2D5D2BE0799CBBB6D1953B)
      • cmd.exe (PID: 3872 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • wse.exe (PID: 7796 cmdline: "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe" MD5: 0599366E3B2D5D2BE0799CBBB6D1953B)
    • wse.exe (PID: 7852 cmdline: "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe" MD5: 0599366E3B2D5D2BE0799CBBB6D1953B)
      • cmd.exe (PID: 7724 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Secure\Installer\wse.exe, ProcessId: 8136, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WSE_Driver
Sigma detected: Modification of IE Registry Settings
Source: Registry Key setAuthor: frack113: Data: Details: 127.0.0.1:20034, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Secure\Installer\wse.exe, ProcessId: 8136, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: https://www.siteleaf.com/Avira URL Cloud: Label: malware
Multi AV Scanner detection for dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeReversingLabs: Detection: 58%
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeReversingLabs: Detection: 58%
Multi AV Scanner detection for submitted file
Source: setups.exeReversingLabs: Detection: 42%
Source: setups.exeVirustotal: Detection: 44%Perma Link
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 84.6% probability
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A8E850 BCryptGenRandom,12_2_00007FFB97A8E850
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A25D60 GetProcessHeap,HeapAlloc,memmove,QueryPerformanceCounter,BCryptGenRandom,memmove,memset,QueryPerformanceCounter,memmove,QueryPerformanceCounter,memset,memset,GetLastError,GetLastError,GetLastError,12_2_00007FFB97A25D60
Source: setups.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\MarkupSafe-3.0.2.dist-info\LICENSE.txtJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\itsdangerous-2.2.0.dist-info\LICENSE.txtJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\werkzeug-3.1.3.dist-info\LICENSE.txtJump to behavior
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\MarkupSafe-3.0.2.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\itsdangerous-2.2.0.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\werkzeug-3.1.3.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\MarkupSafe-3.0.2.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\itsdangerous-2.2.0.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\werkzeug-3.1.3.dist-info\LICENSE.txt
Source: setups.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: wse.exe, 0000000C.00000002.3400065063.00007FFB9A14D000.00000002.00000001.01000000.0000002B.sdmp, wse.exe, 00000016.00000002.3391750184.00007FFB9638D000.00000002.00000001.01000000.00000050.sdmp
Source: Binary string: wininet.pdb source: setups.exe, 00000000.00000003.1514769489.000000000958A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: wse.exe, 0000000C.00000002.3402121443.00007FFBAB075000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: signToolcAToolsignToolCertcAToolCertISSUER_SIGN_TOOLv2i_issuer_sign_toolcrypto\x509\v3_ist.ci2r_issuer_sign_tool%*ssignTool : %*scATool : %*ssignToolCert: %*scAToolCert : compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: PKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excrypto\bio\bio_sock.cBIO_sock_initcalling wsastartup()BIO_socket_ioctlcalling ioctlsocket()i2d_ASN1_bio_streamcrypto\asn1\asn_mime.cB64_write_ASN1-----BEGIN %s----- source: wse.exe, 0000000C.00000002.3394003185.00007FFB97DF8000.00000002.00000001.01000000.00000021.sdmp, wse.exe, 00000016.00000002.3395666718.00007FFB96B78000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbE source: MSI1F5A.tmp, 00000006.00000002.1543241105.00000000009B0000.00000002.00000001.01000000.00000009.sdmp, MSI1F5A.tmp, 00000006.00000000.1529983812.00000000009B0000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3404635060.00007FFBB4FAD000.00000002.00000001.01000000.00000013.sdmp, wse.exe, 00000015.00000003.1763872516.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: wse.exe, 0000000B.00000003.1623148169.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3409360517.00007FFBBC344000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\cryptography\cryptography\cryptography-38.0.4\src\rust\target\release\deps\cryptography_rust.pdb source: wse.exe, 0000000C.00000002.3403479212.00007FFBABAF9000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: wse.exe, 0000000B.00000003.1601274622.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3408703358.00007FFBBBE93000.00000002.00000001.01000000.0000001E.sdmp, wse.exe, 00000015.00000003.1765043502.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: wse.exe, 0000000C.00000002.3402121443.00007FFBAB075000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: wse.exe, 0000000B.00000003.1600171478.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3410204040.00007FFBC31D6000.00000002.00000001.01000000.0000001D.sdmp, wse.exe, 00000015.00000003.1764188985.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\divert-e69cc09cce3816a9036a409b325fa271ed5b348b\divert-e69cc09cce3816a9036a409b325fa271ed5b348b\install\WDDK\amd64\WinDivert.pdb source: wse.exe, 0000000B.00000003.1616504843.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: wse.exe, 0000000C.00000002.3407792126.00007FFBBB735000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: wse.exe, 0000000B.00000003.1597370527.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3405096046.00007FFBB5C2E000.00000002.00000001.01000000.00000012.sdmp, wse.exe, 00000015.00000003.1761682211.000001B52D8A5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\divert-e69cc09cce3816a9036a409b325fa271ed5b348b\divert-e69cc09cce3816a9036a409b325fa271ed5b348b\install\WDDK\i386\WinDivert.pdb source: wse.exe, 0000000B.00000003.1616171409.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wse.exe, 0000000B.00000003.1596143019.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3408356998.00007FFBBB8F5000.00000002.00000001.01000000.00000024.sdmp, wse.exe, 00000015.00000003.1760948740.000001B52D8A4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: wse.exe, 0000000B.00000003.1599660526.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1764082409.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: wse.exe, 0000000C.00000002.3394003185.00007FFB97DF8000.00000002.00000001.01000000.00000021.sdmp, wse.exe, 00000016.00000002.3395666718.00007FFB96B78000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wse.exe, 0000000C.00000002.3395531409.00007FFB9815F000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3409022663.00007FFBBC153000.00000002.00000001.01000000.00000017.sdmp, wse.exe, 00000015.00000003.1764305253.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\windivert1.3\divert-master\install\WDDK\amd64\WinDivert64.pdb source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: wse.exe, 0000000C.00000002.3410927607.00007FFBC320D000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: wse.exe, 0000000B.00000003.1598954241.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3407232240.00007FFBBB6A7000.00000002.00000001.01000000.00000020.sdmp, wse.exe, 00000015.00000003.1763722359.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3404635060.00007FFBB4FAD000.00000002.00000001.01000000.00000013.sdmp, wse.exe, 00000015.00000003.1763872516.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setups.exe, 00000000.00000000.1495289279.0000000000979000.00000002.00000001.01000000.00000003.sdmp, setups.exe, 00000000.00000002.1596380670.0000000000979000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: c:\divert-e69cc09cce3816a9036a409b325fa271ed5b348b\divert-e69cc09cce3816a9036a409b325fa271ed5b348b\install\WDDK\amd64\WinDivert.pdbH source: wse.exe, 0000000B.00000003.1616504843.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\windivert1.3\divert-master\install\WDDK\i386\WinDivert32.pdb source: wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: wse.exe, 0000000C.00000002.3395531409.00007FFB9815F000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wse.exe, 0000000B.00000003.1595745027.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3405842854.00007FFBB5DA1000.00000002.00000001.01000000.0000000E.sdmp, wse.exe, 00000015.00000003.1760810415.000001B52D8A4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: wse.exe, 0000000C.00000002.3405503118.00007FFBB5CC1000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: wse.exe, 0000000C.00000002.3407792126.00007FFBBB735000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: wse.exe, 0000000C.00000002.3402635439.00007FFBAB115000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: wse.exe, 0000000B.00000003.1617275905.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3409919234.00007FFBBCF52000.00000002.00000001.01000000.0000000F.sdmp, wse.exe, 00000016.00000002.3410306970.00007FFBC3152000.00000002.00000001.01000000.00000034.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: wse.exe, 0000000B.00000003.1600858559.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3404258568.00007FFBB4C49000.00000002.00000001.01000000.00000014.sdmp, wse.exe, 00000015.00000003.1764659966.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3405888108.00007FFBA9979000.00000002.00000001.01000000.00000039.sdmp
Source: Binary string: wininet.pdbUGP source: setups.exe, 00000000.00000003.1514769489.000000000958A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: wse.exe, 0000000C.00000002.3400065063.00007FFB9A14D000.00000002.00000001.01000000.0000002B.sdmp, wse.exe, 00000016.00000002.3391750184.00007FFB9638D000.00000002.00000001.01000000.00000050.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: wse.exe, 0000000B.00000003.1596315134.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3410543702.00007FFBC31E7000.00000002.00000001.01000000.0000001C.sdmp, wse.exe, 00000015.00000003.1761035350.000001B52D8A4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: wse.exe, 0000000B.00000003.1623830950.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3391907797.00007FFB9795C000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: wse.exe, 0000000C.00000002.3398568249.00007FFB99873000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\a\mitmproxy_wireguard\mitmproxy_wireguard\target\release\deps\mitmproxy_wireguard.pdb source: wse.exe, 0000000C.00000002.3393177284.00007FFB97AC9000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: MSI1F5A.tmp, 00000006.00000002.1543241105.00000000009B0000.00000002.00000001.01000000.00000009.sdmp, MSI1F5A.tmp, 00000006.00000000.1529983812.00000000009B0000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: challengeNETSCAPE_SPKACspkacsig_algorcrypto\bn\bn_exp.cBN_mod_exp_recpBN_mod_exp_mont_wordX509V3_EXT_nconf_intcrypto\x509\v3_conf.csection=%s, name=%s, value=%sdo_ext_nconfname=%s,section=%sdo_ext_i2dX509V3_EXT_i2dcritical,DER:ASN1:v3_generic_extensionvalue=%sX509V3_get_sectioncrypto\x509\v3_lib.cX509V3_add1_i2dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.0.7built on: Fri Nov 25 00:13:15 2022 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot available source: wse.exe, 0000000C.00000002.3394003185.00007FFB97DF8000.00000002.00000001.01000000.00000021.sdmp, wse.exe, 00000016.00000002.3395666718.00007FFB96B78000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: wse.exe, 0000000C.00000002.3395531409.00007FFB981E1000.00000002.00000001.01000000.0000001A.sdmp
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile opened: c:Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: a:Jump to behavior
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00815BA0 FindFirstFileW,GetLastError,FindClose,0_2_00815BA0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0084C5B0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,0_2_0084C5B0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00824840 FindFirstFileW,FindClose,FindClose,0_2_00824840
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0084CA30 FindFirstFileW,FindClose,0_2_0084CA30
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00815270 FindFirstFileW,FindFirstFileW,FindClose,FindClose,0_2_00815270
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006D54C0 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,0_2_006D54C0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007F77A0 FindFirstFileW,FindNextFileW,FindClose,0_2_007F77A0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00841E30 FindFirstFileW,FindClose,CloseHandle,CloseHandle,0_2_00841E30
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0083BE70 FindFirstFileW,FindClose,0_2_0083BE70
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_009A1CA0 FindFirstFileExW,6_2_009A1CA0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF6627092F0 FindFirstFileExW,FindClose,11_2_00007FF6627092F0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF6627083B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,11_2_00007FF6627083B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF6627218E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,11_2_00007FF6627218E4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF6627092F0 FindFirstFileExW,FindClose,12_2_00007FF6627092F0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF6627083B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,12_2_00007FF6627083B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF6627218E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,12_2_00007FF6627218E4
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006F4BB0 GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLastError,0_2_006F4BB0

Networking

barindex
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Source: WinDivert32.sys.11.drStatic PE information: Found NDIS imports: FwpsCalloutRegister0, FwpsInjectNetworkSendAsync0, FwpsInjectForwardAsync0, FwpmCalloutAdd0, FwpsAllocateNetBufferAndNetBufferList0, FwpsQueryPacketInjectionState0, FwpmEngineOpen0, FwpsInjectionHandleCreate0, FwpsInjectNetworkReceiveAsync0, FwpmEngineClose0, FwpmTransactionCommit0, FwpmSubLayerDeleteByKey0, FwpmTransactionBegin0, FwpsInjectionHandleDestroy0, FwpmSubLayerAdd0, FwpsCalloutUnregisterByKey0, FwpmTransactionAbort0, FwpmCalloutDeleteByKey0, FwpmFilterDeleteByKey0, FwpsFreeNetBufferList0, FwpmFilterAdd0
Source: WinDivert64.sys.11.drStatic PE information: Found NDIS imports: FwpsQueryPacketInjectionState0, FwpsInjectNetworkReceiveAsync0, FwpmSubLayerAdd0, FwpsCalloutUnregisterByKey0, FwpmCalloutDeleteByKey0, FwpmSubLayerDeleteByKey0, FwpsFreeNetBufferList0, FwpmEngineClose0, FwpmTransactionBegin0, FwpmFilterAdd0, FwpmEngineOpen0, FwpmTransactionAbort0, FwpsCalloutRegister0, FwpsInjectForwardAsync0, FwpmFilterDeleteByKey0, FwpmCalloutAdd0, FwpsInjectNetworkSendAsync0, FwpmTransactionCommit0, FwpsInjectionHandleCreate0, FwpsAllocateNetBufferAndNetBufferList0, FwpsInjectionHandleDestroy0
Source: WinDivert32.sys.21.drStatic PE information: Found NDIS imports: FwpsCalloutRegister0, FwpsInjectNetworkSendAsync0, FwpsInjectForwardAsync0, FwpmCalloutAdd0, FwpsAllocateNetBufferAndNetBufferList0, FwpsQueryPacketInjectionState0, FwpmEngineOpen0, FwpsInjectionHandleCreate0, FwpsInjectNetworkReceiveAsync0, FwpmEngineClose0, FwpmTransactionCommit0, FwpmSubLayerDeleteByKey0, FwpmTransactionBegin0, FwpsInjectionHandleDestroy0, FwpmSubLayerAdd0, FwpsCalloutUnregisterByKey0, FwpmTransactionAbort0, FwpmCalloutDeleteByKey0, FwpmFilterDeleteByKey0, FwpsFreeNetBufferList0, FwpmFilterAdd0
Source: WinDivert64.sys.21.drStatic PE information: Found NDIS imports: FwpsQueryPacketInjectionState0, FwpsInjectNetworkReceiveAsync0, FwpmSubLayerAdd0, FwpsCalloutUnregisterByKey0, FwpmCalloutDeleteByKey0, FwpmSubLayerDeleteByKey0, FwpsFreeNetBufferList0, FwpmEngineClose0, FwpmTransactionBegin0, FwpmFilterAdd0, FwpmEngineOpen0, FwpmTransactionAbort0, FwpsCalloutRegister0, FwpsInjectForwardAsync0, FwpmFilterDeleteByKey0, FwpmCalloutAdd0, FwpsInjectNetworkSendAsync0, FwpmTransactionCommit0, FwpsInjectionHandleCreate0, FwpsAllocateNetBufferAndNetBufferList0, FwpsInjectionHandleDestroy0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: telixsearch.com to https://2ly.link/23gga
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: 2ly.link to https://telixsearch.com/thankyou2
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 50.17.133.229
Source: unknownTCP traffic detected without corresponding DNS query: 50.17.133.229
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /thankyou HTTP/1.1Host: telixsearch.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /23GGa HTTP/1.1Host: 2ly.linkConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /thankyou2 HTTP/1.1Host: telixsearch.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /style.css HTTP/1.1Host: telixsearch.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telixsearch.com/thankyou2Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /r.php?payout=OPTIONAL&cnv_id=OPTIONAL HTTP/1.1Host: domainmxx7.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telixsearch.com/thankyou2Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /r.php?payout=OPTIONAL&cnv_id=OPTIONAL HTTP/1.1Host: domainmxx8.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telixsearch.com/thankyou2Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /r.php?payout=OPTIONAL&cnv_id=OPTIONAL HTTP/1.1Host: domainmxx7.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.png HTTP/1.1Host: telixsearch.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telixsearch.com/thankyou2Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /r.php?payout=OPTIONAL&cnv_id=OPTIONAL HTTP/1.1Host: domainmxx8.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQg3SSkKA74hABkhmlBtJTz8w3hlAQU%2BWC71OPVNPa49QaAJadz20ZpqJ4CEEJLalPOx2YUHCpjsaUcQQQ%3D HTTP/1.1Cache-Control: max-age = 86Proxy-Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 26 Sep 2024 16:44:14 GMTIf-None-Match: "3d5557f4d0ce85b5d42ae97579b154c53648c418"User-Agent: Microsoft-CryptoAPI/10.0Host: ocsps.ssl.com
Source: global trafficDNS traffic detected: DNS query: telixsearch.com
Source: global trafficDNS traffic detected: DNS query: 2ly.link
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: domainmxx8.cfd
Source: global trafficDNS traffic detected: DNS query: domainmxx7.cfd
Source: global trafficDNS traffic detected: DNS query: domainmxx6.cfd
Source: global trafficDNS traffic detected: DNS query: ocsps.ssl.com
Source: unknownHTTP traffic detected: POST /report/v4?s=Zf1v5cXM%2Fc4Z1oK5BbOF%2Fd%2Fn7qk%2FDVcLyIBC1%2FG9u%2BIYUtqkvzHT7WSgqTEkRxYAnPYVSNf%2FL8xUaXviA7iHa1khpzql7GfjPS7dRXSaOCoQ0tymBs0UBaCJlcHnBhYAhaM%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 428Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 Jan 2025 13:38:33 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachevary: User-Agentalt-svc: h3=":443"; ma=86400x-turbo-charged-by: LiteSpeedCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zf1v5cXM%2Fc4Z1oK5BbOF%2Fd%2Fn7qk%2FDVcLyIBC1%2FG9u%2BIYUtqkvzHT7WSgqTEkRxYAnPYVSNf%2FL8xUaXviA7iHa1khpzql7GfjPS7dRXSaOCoQ0tymBs0UBaCJlcHnBhYAhaM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 905ff1f0adbb7538-SEAserver-timing: cfL4;desc="?proto=TCP&rtt=70238&min_rtt=70234&rtt_var=26347&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1125&delivery_rate=41552&cwnd=32&unsent_bytes=0&cid=bca96cf8eb711c8a&ts=444&x=0"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 Jan 2025 13:38:37 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachevary: User-Agentalt-svc: h3=":443"; ma=86400x-turbo-charged-by: LiteSpeedCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YJZQFhyIZoDiNLHYaXWKcAyR%2FxiudO%2F3xRrHACX3yZNQGjJ8I%2BSblWbPuUvyNlMWm%2FAUc%2FU69ymMdbwDRHAWQMduVZVl%2FPIt2wNLIcokCJP0bpRRcw6RTMMp0VqnXoFwcAk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 905ff2086c01e73b-DENserver-timing: cfL4;desc="?proto=TCP&rtt=42647&min_rtt=42639&rtt_var=16006&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1173&delivery_rate=68376&cwnd=32&unsent_bytes=0&cid=be10dba0795ed90a&ts=325&x=0"
Source: wse.exe, 0000000C.00000002.3397673493.00007FFB994C1000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://.css
Source: wse.exe, 0000000C.00000002.3397673493.00007FFB994C1000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://.jpg
Source: wse.exe, 0000000C.00000002.3379013701.00000281CDAD4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://browsercookielimits.squawky.net/
Source: wse.exe, 0000000C.00000002.3378770229.00000281CDA2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bugs.jython.org/issue1758320
Source: wse.exe, 0000000C.00000002.3376644468.00000281CD3D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue5784
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: setups.exe, 00000000.00000002.1598679748.0000000009C50000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.1597641539.0000000004FDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1763872516.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4Co
Source: wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1596315134.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1617275905.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601102891.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600171478.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1621453672.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601274622.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616830078.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597909978.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623148169.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623830950.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597370527.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598286411.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600858559.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598621427.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598954241.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1599660526.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: setups.exe, 00000000.00000002.1598679748.0000000009C50000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.1597641539.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1596315134.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1617275905.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601102891.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600171478.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1621453672.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601274622.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616830078.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597909978.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623148169.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623830950.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597370527.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598286411.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600858559.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: wse.exe, 0000000B.00000003.1597909978.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1762886436.000001B52D8A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.c
Source: setups.exe, 00000000.00000002.1598679748.0000000009C50000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1595291107.0000000005029000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1596315134.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1617275905.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601102891.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600171478.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1621453672.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601274622.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616830078.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597909978.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623148169.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623830950.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597370527.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598286411.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503784600.0000000005023000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://co.bn/faq.html
Source: wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: setups.exe, 00000000.00000002.1598679748.0000000009C50000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.1597641539.0000000004FDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1764305253.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4
Source: wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1596315134.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1617275905.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601102891.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600171478.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1621453672.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601274622.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616830078.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597909978.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623148169.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623830950.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597370527.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598286411.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600858559.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598621427.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598954241.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1599660526.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.1597641539.0000000004FDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampi
Source: setups.exe, 00000000.00000002.1598679748.0000000009C50000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.1597641539.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1596315134.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1617275905.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601102891.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600171478.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1621453672.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601274622.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616830078.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597909978.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623148169.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623830950.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597370527.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598286411.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600858559.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: wse.exe, 0000000B.00000003.1599660526.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1764082409.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1763261072.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1761035350.000001B52D8A4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1764659966.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1764845770.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1763722359.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1762886436.000001B52D8A5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1764188985.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1763527207.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1764305253.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1763872516.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765171891.000001B52D8B3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765043502.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1761682211.000001B52D8A5000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765043502.000001B52D8B3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000019.00000003.1846409795.0000024047646000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1596315134.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1617275905.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601102891.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600171478.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1621453672.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601274622.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616830078.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597909978.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623148169.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623830950.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597370527.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598286411.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600858559.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598621427.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598954241.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1599660526.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.1597641539.0000000004FDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-409
Source: setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503784600.0000000005023000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
Source: wse.exe, 0000000C.00000002.3379685962.00000281CDD35000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3388894583.00000281CEE80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dns.js.org
Source: wse.exe, 0000000C.00000002.3369061019.00000281CC43E000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1639046489.00000281CC4BF000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1641208283.00000281CC3FD000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3367411707.00000281CBFF0000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3369327145.0000025A29801000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000003.1791406794.0000025A2991D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/pprint.html#pprint.pprint
Source: wse.exe, 0000000C.00000002.3375102550.00000281CCFF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://drs.ua/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dy.fi/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://enonic.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://getchannels.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hakaran.cz
Source: wse.exe, 0000000C.00000002.3397673493.00007FFB994C1000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: http://html4/loose.dtd
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://info.cx
Source: wse.exe, 0000000C.00000003.1641553720.00000281CC8C8000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3371644351.00000281CC7F0000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1638305686.00000281CC87B000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3369061019.00000281CC320000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1639144060.00000281CC8C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: wse.exe, 0000000C.00000002.3389172703.00000281CEF00000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3389319258.00000281CEF40000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3388968182.0000025A2C360000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://littlesvr.ca/apng/
Source: wse.exe, 0000000B.00000003.1615033393.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nic.krd/data/krd/Registration%20Policy.pdf
Source: wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digi
Source: wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1596315134.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1617275905.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601102891.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600171478.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1621453672.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601274622.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616830078.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597909978.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623148169.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623830950.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597370527.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598286411.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600858559.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598621427.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598954241.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1599660526.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: setups.exe, 00000000.00000002.1598679748.0000000009C50000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1595291107.0000000005029000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1596315134.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1617275905.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601102891.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600171478.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1621453672.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601274622.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616830078.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597909978.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623148169.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623830950.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597370527.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598286411.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: setups.exe, 00000000.00000002.1598679748.0000000009C50000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.1597641539.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0H
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0I
Source: wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: setups.exe, 00000000.00000002.1598679748.0000000009C50000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.1597641539.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1596315134.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1617275905.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601102891.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600171478.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1621453672.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601274622.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616830078.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597909978.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623148169.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623830950.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597370527.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598286411.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600858559.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digif
Source: wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
Source: setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.1597641539.0000000004FDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsps.ssl.co
Source: wse.exe, 0000000C.00000002.3391125116.00000281CF660000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3381851644.00000281CDF83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQg3SSkKA74hABkhmlBtJTz8w3hlAQU%2BWC71OPVNPa49QaAJ
Source: setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.1597641539.0000000004FDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsps.ssl.com0
Source: setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503784600.0000000005023000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsps.ssl.com0_
Source: setups.exe, 00000000.00000003.1588052423.000000000A76B000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1595572466.000000000A770000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.1599298726.000000000A770000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://oneocsp.microsot
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://opencraft.com/
Source: wse.exe, 0000000C.00000002.3370753735.00000281CC660000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3370896888.00000281CC6A0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3371223528.0000025A29B00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://peplink.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://protonet.io
Source: wse.exe, 0000000B.00000003.1615033393.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://publicsuffix.org/public_suffix_list.dat
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://python-hyper.org/en/latest/contributing.html
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qutheory.io
Source: wse.exe, 0000000C.00000002.3391125116.00000281CF660000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3381851644.00000281CDFA7000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3390644889.00000281CF3B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: wse.exe, 0000000C.00000002.3379013701.00000281CDAD4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://reqrypt.org/windivert-doc.html#divert_recv
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sae.sina.com.cn/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://taifun-software.de
Source: wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tuxfamily.org
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://very.lv
Source: wse.exe, 0000000B.00000003.1609071493.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773126072.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
Source: wse.exe, 0000000B.00000003.1609190798.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1609071493.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1609071493.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773055993.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773223773.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773126072.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: wse.exe, 0000000C.00000002.3370753735.00000281CC660000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.co.pl/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cosimo.de
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.craynic.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dansk.net/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.definima.com/
Source: wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1596315134.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1617275905.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601102891.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600171478.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1621453672.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601274622.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616830078.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597909978.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623148169.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1623830950.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1597370527.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598286411.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1600858559.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598621427.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1598954241.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1599660526.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dreamhost.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.drobo.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.duckdns.org/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dyndns.com/services/dns/dyndns/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.evennode.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fastly.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.freebox.fr
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.futureweb.at
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.goip.de
Source: wse.exe, 0000000C.00000002.3371644351.00000281CC966000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1641553720.00000281CC969000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.icilalune.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.info.at/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.information.nyc.mn
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.interlegis.leg.br
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iodata.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kaashosting.nl/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.knightpoint.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.liquidnetlimited.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nic.priv.at/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.onefoldmedia.com/
Source: wse.exe, 0000000C.00000002.3388306699.00000281CED40000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3388147268.0000025A2C1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.openwall.com/lists/oss-security/2011/06/27/9
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ownprovider.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ox.rs
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.revitalised.co.uk
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rit.edu/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.scrysec.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.shopblocks.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.skyhat.io
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.snt.utwente.nl/
Source: setups.exe, 00000000.00000003.1591540732.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1587910189.0000000004FDE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000002.1597641539.0000000004FDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ssl.com/repository/S
Source: setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sub6.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.townnews.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.udr.hk.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.viprinet.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xnbay.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.za.net/
Source: wse.exe, 0000000C.00000002.3371644351.00000281CC8C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xn--n3h.net/p%C3%A5th?q=%C3%A8ry%DF
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://Lifetime.Hosting/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://app.lmpm.com/
Source: wse.exe, 0000000C.00000002.3383213671.00000281CE210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/davidfraser/pyyaml/commits/d81df6eb95f20cac4a79eed95ae553b5c6f77b8c
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://blog.jaraco.com/skeleton
Source: wse.exe, 0000000C.00000002.3379013701.00000281CDAD4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://click.palletsprojects.com/en/stable/advanced/#callback-evaluation-order
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloud.oracle.com/home
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloud.yandex.com
Source: wse.exe, 0000000C.00000002.3379685962.00000281CDCC2000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3379013701.00000281CDAD4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.google.com/archive/p/casadebender/wikis/Win32IconImagePlugin.wiki
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codecov.io/gh/python-hyper/h2
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://codecov.io/gh/python-hyper/h2/branch/master/graph/badge.svg
Source: wse.exe, 0000000C.00000002.3389872812.00000281CF220000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3372761233.00000281CCB70000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3367411707.00000281CBFF0000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3382640414.0000025A2B4F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/security/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptonomic.net/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cupcake.io/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://daplie.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dapps.earth/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://darklang.com
Source: wse.exe, 0000000C.00000002.3375812296.00000281CD1A0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3375556261.00000281CD110000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3375872934.0000025A2A570000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3376089068.0000025A2A600000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desec.io/
Source: wse.exe, 0000000B.00000003.1614072309.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.android.com/training/articles/security-config
Source: wse.exe, 0000000C.00000002.3375454313.00000281CD0C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Trailer).
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.swisscom.com
Source: wse.exe, 0000000C.00000002.3371644351.00000281CC8C9000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3379279086.00000281CDBE3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3382640414.0000025A2B542000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3369327145.0000025A29801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/protocol-buffers/docs/encoding
Source: wse.exe, 0000000C.00000002.3371644351.00000281CC8C9000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3369327145.0000025A29801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/protocol-buffers/docs/proto3
Source: wse.exe, 0000000B.00000003.1586395870.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1609750068.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1757586189.000001B52D8A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.gg/pallets
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dnstrace.pro/
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-profile/customizi
Source: wse.exe, 0000000C.00000002.3377369719.00000281CD680000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3377576258.0000025A2AAE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.mitmproxy.org/dev/addons-api-changelog/.
Source: wse.exe, 0000000C.00000002.3376741784.00000281CD410000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3376644468.00000281CD3D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.mitmproxy.org/dev/howto-transparent/
Source: wse.exe, 0000000C.00000002.3376741784.00000281CD410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.mitmproxy.org/dev/howto-transparent/pr__
Source: wse.exe, 0000000C.00000002.3388306699.00000281CED40000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3388147268.0000025A2C1A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.mitmproxy.org/stable/concepts-certificates/
Source: wse.exeString found in binary or memory: https://docs.python.org/3/library/asyncio-e
Source: wse.exeString found in binary or memory: https://docs.python.org/3/library/asyncio-eventloop
Source: wse.exe, wse.exe, 0000000C.00000002.3393177284.00007FFB97AC9000.00000002.00000001.01000000.00000028.sdmp, wse.exe, 0000000C.00000002.3384511794.00000281CE450000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3372761233.00000281CCB70000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3372896980.0000025A29F5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/asyncio-eventloop.html#asyncio.Server)
Source: wse.exeString found in binary or memory: https://docs.python.org/3/library/asyncio-eventloop.html#asyncio.Server)from
Source: wse.exe, 0000000C.00000002.3393177284.00007FFB97AC9000.00000002.00000001.01000000.00000028.sdmp, wse.exe, 0000000C.00000002.3384511794.00000281CE450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/asyncio-stream.html#asyncio.start_server)
Source: wse.exe, wse.exe, 0000000C.00000002.3384014422.00000281CE390000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3393177284.00007FFB97AC9000.00000002.00000001.01000000.00000028.sdmp, wse.exe, 0000000C.00000002.3371644351.00000281CC7F0000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3384511794.00000281CE450000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3379828018.0000025A2B030000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3369327145.0000025A29801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/asyncio-stream.html)
Source: wse.exeString found in binary or memory: https://docs.python.org/3/library/asyncio-stream.html)from
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/copy.html#copy.replace).
Source: wse.exe, 0000000C.00000002.3366622404.00000281CBC70000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630049160.00000281C9EE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630049160.00000281C9EE9000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3366021774.00000281CB870000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: wse.exe, 0000000C.00000002.3366622404.00000281CBC70000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630049160.00000281C9EE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630049160.00000281C9EE9000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3366021774.00000281CB870000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3366021774.00000281CB870000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3366021774.00000281CB870000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3365735858.00000281CB830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3366788067.00000281CBDF0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3366832631.0000025A29240000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: wse.exe, 0000000C.00000003.1630432812.00000281C9F02000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630049160.00000281C9EE9000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630992184.00000281C9EF1000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3364857147.00000281C9E80000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000003.1788819886.0000025A274DD000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000003.1789069942.0000025A274DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.metadata.html
Source: wse.exe, 0000000C.00000002.3369061019.00000281CC43E000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3372896980.0000025A29EFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/pprint.html
Source: wse.exe, 0000000C.00000002.3369061019.00000281CC43E000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3372896980.0000025A29EFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/pprint.html#pprint.pprint
Source: wse.exe, 0000000C.00000002.3376644468.00000281CD3D0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3371644351.00000281CC8C9000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3369061019.00000281CC320000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3372896980.0000025A29EFE000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3369327145.0000025A29801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/re.html
Source: wse.exe, 0000000C.00000002.3376741784.00000281CD410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/re.html#re.sub
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/import.html#finders-and-loaders
Source: wse.exe, 0000000C.00000002.3393177284.00007FFB97AC9000.00000002.00000001.01000000.00000028.sdmpString found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-supportCalling
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.waffleinfo.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://domain.v.ua/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dyn.com/dns/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynv6.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://e4you.cz/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecgrobotics.org
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://en-root.org
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eu.org/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://faitid.org/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fastvps.ru/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://featherhead.xyz/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fedoraproject.org/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fermax.com/
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://filepreviews.io/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://flynn.io
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://frederik-braun.com
Source: wse.exe, 0000000C.00000003.1630432812.00000281C9F02000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630992184.00000281C9EF1000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3364857147.00000281C9E80000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000003.1788819886.0000025A274DD000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000003.1789069942.0000025A274DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/astral-sh/ruff
Source: wse.exe, 0000000C.00000002.3386458049.00000281CE940000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3386816247.00000281CEA00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/bottlepy/bottle/commit/fa7733e075da0d790d809aa3d2f53071897e6f76
Source: wse.exe, 0000000C.00000002.3377003009.00000281CD4D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mitmproxy/mitmproxy/issues
Source: wse.exe, 0000000B.00000003.1614072309.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mitmproxy/mitmproxy/issues/2054
Source: wse.exe, 0000000C.00000002.3383493554.00000281CE290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mitmproxy/mitmproxy/issues/4799
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/orgs/python-hyper/people
Source: wse.exe, 0000000C.00000002.3371644351.00000281CC8C9000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3372896980.0000025A29F5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pallets/cachelib
Source: wse.exe, 0000000B.00000003.1609750068.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pallets/itsdangerous/
Source: wse.exe, 0000000B.00000003.1586395870.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1757586189.000001B52D8A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pallets/markupsafe/
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: wse.exe, 0000000C.00000002.3376445710.00000281CD330000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3376688861.0000025A2A790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: wse.exe, 0000000C.00000002.3373723792.00000281CCCB0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3371340310.00000281CC770000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3371639013.0000025A29BD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
Source: wse.exe, 0000000C.00000002.3373723792.00000281CCCB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packagingut__.pyc2
Source: wse.exe, 0000000C.00000002.3371644351.00000281CC966000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3372896980.0000025A29EFE000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3369327145.0000025A29801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyparsing/pyparsing/wiki
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/blob/main/.github/CONTRIBUTING.md)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1340)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1358)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1365)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1372)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1383)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1385)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/wiki/Extensions-to-attrs)
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-hyper/h2
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-hyper/h2/actions
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-hyper/h2/workflows/CI/badge.svg
Source: wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3366021774.00000281CB870000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630992184.00000281C9EF1000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3364857147.00000281C9E80000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000003.1788819886.0000025A274DD000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000003.1789069942.0000025A274DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: wse.exe, 0000000C.00000003.1630432812.00000281C9F02000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630992184.00000281C9EF1000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3364857147.00000281C9E80000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000003.1788819886.0000025A274DD000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000003.1789069942.0000025A274DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues
Source: wse.exe, 0000000C.00000002.3369061019.00000281CC43E000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1641208283.00000281CC3FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/mypy/issues/3216
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/hynek
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/hynek).
Source: wse.exe, 0000000C.00000003.1630432812.00000281C9F02000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630010046.00000281C9F4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1630992184.00000281C9EF1000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3364857147.00000281C9E80000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000003.1788819886.0000025A274DD000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000003.1789069942.0000025A274DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitter.im/python-hyper/community
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://glitch.com
Source: wse.exe, 0000000C.00000002.3389319258.00000281CEF40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://graphics.stanford.edu/~seander/bithacks.html#VariableSignExtend
Source: wse.exe, 0000000C.00000002.3374863253.00000281CCF50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://guardflares.com/searchv2?q=
Source: wse.exe, 0000000C.00000002.3374863253.00000281CCF50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://guardflares.com/searchv2?q=).exe
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gwiddlefoundation.org.uk
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://h2.readthedocs.io
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://h2.readthedocs.io/en/latest/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://handshake.org
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hashbang.sh
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hasura.io
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hb.cldmail.ru
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hosting.url.com.tw/
Source: wse.exe, 0000000C.00000002.3379013701.00000281CDAD4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/#multipart-form-data
Source: wse.exe, 0000000C.00000002.3379013701.00000281CDAD4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpwg.org/specs/rfc9110.html#parameter
Source: wse.exe, 0000000C.00000002.3379013701.00000281CDAD4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpwg.org/specs/rfc9110.html#quoted.strings
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hynek.me/articles/import-attrs/)
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/badge/chat-join_now-brightgreen.svg
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://importlib-metadata.readthedocs.io/
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iserv.eu
Source: wse.exe, 0000000B.00000003.1609750068.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://itsdangerous.palletsprojects.com/
Source: wse.exe, 0000000B.00000003.1609750068.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://itsdangerous.palletsprojects.com/changes/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://king.host
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klaviyo.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kuroku.ltd/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lelux.fi/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://linki.tools
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://linode.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lubman.pl/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lug.org.uk
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lukanet.com
Source: wse.exe, 0000000C.00000002.3378770229.00000281CDA2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: wse.exe, 0000000B.00000003.1586395870.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1757586189.000001B52D8A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://markupsafe.palletsprojects.com/
Source: wse.exe, 0000000B.00000003.1586395870.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1757586189.000001B52D8A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://markupsafe.palletsprojects.com/changes/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mayfirst.org/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://names.of.london/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nctu.me/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ngrok.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nodeart.io
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nodum.io/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://noip.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://now-dns.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nucleos.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nymnom.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://observablehq.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://openshift.redhat.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pagefog.com/
Source: wse.exe, 0000000B.00000003.1609750068.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1757586189.000001B52D8A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://palletsprojects.com/donate
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pantheon.io/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pepabo.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://perspecta.com/
Source: wse.exe, 0000000C.00000002.3389172703.00000281CEF00000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3389319258.00000281CEF40000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3388968182.0000025A2C360000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://philip.html5.org/tests/apng/tests.html
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pixolino.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://platform.sh
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://polar.sh/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://port53.io/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ppcom.fr
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://prgmr.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://protocol.ai/
Source: wse.exe, 0000000B.00000003.1615772095.000001A9B25DA000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1615772095.000001A9B25D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://publicsuffix.org/
Source: wse.exe, 0000000B.00000003.1615772095.000001A9B25DA000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1615772095.000001A9B25D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://publicsuffix.org/list/public_suffix_list.dat
Source: wse.exe, 0000000C.00000002.3376644468.00000281CD3D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pyopenssl.org/
Source: wse.exe, 0000000C.00000002.3376644468.00000281CD3D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pyopenssl.org/?
Source: wse.exe, 0000000C.00000002.3384615550.00000281CE490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/attrs/)
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/cryptography/
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/importlib_metadata
Source: wse.exe, 0000000C.00000002.3371644351.00000281CC8C9000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3372896980.0000025A29F5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/python-memcached/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://qualifio.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://quip.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rancher.com
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.github.com/python-hyper/documentation/master/source/logo/hyper-black-bg-white.png
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/python-attrs/attrs/main/docs/_static/attrs_logo.svg
Source: wse.exe, 0000000B.00000003.1604121214.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1768072330.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: wse.exe, 0000000B.00000003.1608698430.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1772226515.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/h2/badge/?version=latest
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://render.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repl.it
Source: wse.exe, 0000000C.00000002.3386458049.00000281CE940000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3386816247.00000281CEA00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://reqrypt.org/windivert-doc.html#divert_helper_calc_checksums
Source: wse.exe, 0000000C.00000002.3371644351.00000281CC966000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3380976846.0000025A2B2CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reqrypt.org/windivert-doc.html#divert_helper_check_filter
Source: wse.exe, 0000000C.00000002.3371644351.00000281CC966000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reqrypt.org/windivert-doc.html#divert_helper_eval_filter
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reqrypt.org/windivert.html
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://resin.io
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandcats.io/
Source: wse.exe, 0000000C.00000002.3371644351.00000281CC8C9000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1641553720.00000281CC918000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000003.1642294879.00000281CC931000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sans-io.readthedocs.io/).
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://schokokeks.org/
Source: wse.exe, 0000000C.00000003.1634170208.00000281CC3CF000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3369061019.00000281CC320000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3369327145.0000025A29801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.readthedocs.io/en/latest/pkg_resources.html#basic-resource-access
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shiftedit.net/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://skygear.io/
Source: wse.exe, 0000000C.00000002.3371644351.00000281CC8C9000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3369061019.00000281CC320000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3372896980.0000025A29EFE000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3369327145.0000025A29801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/tagged/python-attrs)
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://static.land
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stdlib.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://storj.io/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://symfony.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://syncloud.org
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telebit.cloud
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.000000000571F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyou
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.00000000056F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyou#
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.00000000056F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyou)
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyou3
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.0000000005690000.00000004.00000020.00020000.00000000.sdmp, MSI1F5A.tmp, 00000006.00000002.1543700210.00000000054C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyouC:
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.00000000056F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyouE
Source: setups.exe, 00000000.00000003.1503135254.0000000004FF7000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503050730.0000000004FEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyouO
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.00000000056BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyouk
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.00000000056BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyoul
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyourUhy
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.0000000005709000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyourosoft
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyous
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.00000000056F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyousz
Source: MSI1F5A.tmp, 00000006.00000002.1544010419.000000000571F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyouws
Source: MSI1F5A.tmp, 00000006.00000002.1544260357.0000000007499000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://telixsearch.com/thankyouy
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://thingdust.com/
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek).
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
Source: wse.exe, 0000000B.00000003.1609209970.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1773289941.000001B52D8A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tlon.io
Source: wse.exe, 0000000C.00000002.3375454313.00000281CD0C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-5.3).
Source: wse.exe, 0000000C.00000002.3369061019.00000281CC43E000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3372761233.00000281CCB4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7541#section-7.1.3
Source: wse.exe, 0000000C.00000002.3369061019.00000281CC43E000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3371644351.00000281CC7F0000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3372761233.00000281CCB4F000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3372896980.0000025A29EFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7838
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uberspace.de
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ulterius.io/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://united-gameserver.de
Source: wse.exe, 0000000C.00000002.3370463720.00000281CC5E0000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3370602640.00000281CC620000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3373723792.00000281CCCB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://voorloper.com
Source: wse.exe, 0000000C.00000002.3389872812.00000281CF220000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20170802060935/http://oss.sgi.com/projects/ogl-sample/registry/EXT/textu
Source: wse.exe, 0000000C.00000002.3389319258.00000281CEF40000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3389035165.00000281CEEC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.mozilla.org/APNG_Specification#.60acTL.60:_The_Animation_Control_Chunk
Source: wse.exe, 0000000C.00000002.3389319258.00000281CEF40000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3389035165.00000281CEEC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.mozilla.org/APNG_Specification#.60fcTL.60:_The_Frame_Control_Chunk
Source: wse.exe, 0000000C.00000002.3389172703.00000281CEF00000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3389319258.00000281CEF40000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3388968182.0000025A2C360000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.mozilla.org/APNG_Specification#.60fdAT.60:_The_Frame_Data_Chunk
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wikitech.wikimedia.org
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.NearlyFreeSpeech.NET/
Source: wse.exe, 0000000B.00000003.1603811043.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1767484587.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
Source: wse.exe, 0000000B.00000003.1603910138.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1603811043.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1603811043.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1767609281.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1767408192.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1767484587.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/FilePreviews.svg
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/Klaviyo.svg
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/Polar.svg
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/Tidelift.svg
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/Variomedia.svg
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.3.0/_static/sponsors/emsys-renewables.svg
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)).
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/latest/names.html)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/changelog.html
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/changelog.html)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/comparison.html#customization)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/init.html#hooking-yourself-into-initialization)
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601522287.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1601428083.000001A9B25E3000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765423310.000001B52D8B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/why.html#data-classes)
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloud.service.gov.uk/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cyon.ch/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.danieldent.com/)
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.datawire.io
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.datto.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ddnss.de/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.debian.org/
Source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1612293598.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000B.00000003.1610482042.000001A9B25E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dnshome.de/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dotarai.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.draytek.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.drud.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dynu.com/
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.emsys-renewables.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.enalean.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.filegear.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.flexireg.net/stat_info
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.freedesktop.org
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gehirn.co.jp/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gentlent.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gov.scot
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gov.uk/government/organisations/home-office
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gov.uk/service-manual/operations/operating-servicegovuk-subdomains
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.group53.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hepforge.org
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.heroku.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hostbip.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.in-berlin.de/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ipifony.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.jino.ru
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.joyent.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.keyweb.de
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.lcube-webhosting.de
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leadpages.net
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.linkyard.ch/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.loginline.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.memset.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.metacentrum.cz/en/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.meteor.com/hosting
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msk-ix.ru/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nabucasa.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.netlify.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nimbushosting.co.uk/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nsupdate.info/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.omnibond.com
Source: wse.exe, 0000000B.00000003.1612478224.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3396230248.00007FFB98257000.00000002.00000001.01000000.0000001A.sdmp, wse.exe, 0000000C.00000002.3408012488.00007FFBBB76A000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.openssl.org/H
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.pagefronthq.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.planet-work.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.privacytools.io/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.pubtls.org
Source: wse.exe, 0000000C.00000002.3378770229.00000281CDA2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: wse.exe, 0000000B.00000003.1602145678.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3368449154.00000281CC200000.00000004.00001000.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765935448.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: wse.exe, 0000000C.00000002.3385429657.00000281CE6A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0506/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.qnap.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rackmaze.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.readthedocs.org
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.redstarconsultants.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rethinkdb.com/
Source: wse.exe, 0000000C.00000002.3379013701.00000281CDAD4000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3372761233.00000281CCB70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc2231#section-3
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sbe.de/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.securepoint.de
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.shopitcommerce.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.siteleaf.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sourcelair.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.spacekit.io/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.speedpartner.de/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.srcf.net/
Source: setups.exe, 00000000.00000003.1503754165.0000000005017000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1502664664.0000000004FCE000.00000004.00000020.00020000.00000000.sdmp, setups.exe, 00000000.00000003.1503784600.0000000005023000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ssl.com/repository0
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.stackhero.io
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.synology.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.teckids.org
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.trafficplex.de/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.transip.nl
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.twodns.de/
Source: wse.exe, 0000000B.00000003.1601428083.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765341836.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1765283610.000001B52D8AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.variomedia.de/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.virtual-info.info/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.wdc.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.webhare.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.wedeploy.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.xs4all.nl/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.yola.com/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.zitcom.dk
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xenoncloud.net
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yescourse.com
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yombo.net
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yunohost.org
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zeit.domains/
Source: wse.exe, 0000000B.00000003.1615924823.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zine.bg/
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443

E-Banking Fraud

barindex
Registers a new ROOT certificate
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Windows\System32\certutil.exe "C:\Windows\System32\certutil.exe" -addstore root C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy\mitmproxy-ca-cert.pemstartup_19
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Windows\System32\certutil.exe "C:\Windows\System32\certutil.exe" -addstore root C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy\mitmproxy-ca-cert.pemb_205944ee5Jump to behavior
Sets a proxy for the internet explorer
Source: C:\Program Files (x86)\Secure\Installer\wse.exeRegistry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ProxyServerJump to behavior
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\.mitmproxy\mitmproxy-ca-cert.p12Jump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy\mitmproxy-ca-cert.p12Jump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\.mitmproxy\mitmproxy-ca.p12Jump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\.mitmproxy\mitmproxy-ca.p12Jump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\.mitmproxy\mitmproxy-ca-cert.p12Jump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy\mitmproxy-ca.p12Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

barindex
Enables a proxy for the internet explorer
Source: C:\Program Files (x86)\Secure\Installer\wse.exeRegistry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ProxyEnableJump to behavior
Sets a proxy for the internet explorer
Source: C:\Program Files (x86)\Secure\Installer\wse.exeRegistry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ProxyServerJump to behavior
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008621C0 NtdllDefWindowProc_W,0_2_008621C0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006C8020 GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,NtdllDefWindowProc_W,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,NtdllDefWindowProc_W,0_2_006C8020
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00744570 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,0_2_00744570
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006C87F0 SysFreeString,SysAllocString,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,SysFreeString,SysFreeString,0_2_006C87F0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006C8EA0 NtdllDefWindowProc_W,0_2_006C8EA0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006D2FC0 NtdllDefWindowProc_W,0_2_006D2FC0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006E1040 NtdllDefWindowProc_W,0_2_006E1040
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006CB0A0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DestroyWindow,0_2_006CB0A0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006D3130 IsWindow,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,0_2_006D3130
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006EF3F0 NtdllDefWindowProc_W,0_2_006EF3F0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007AF3A0 NtdllDefWindowProc_W,0_2_007AF3A0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006DB650 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DeleteCriticalSection,0_2_006DB650
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006CB890 NtdllDefWindowProc_W,0_2_006CB890
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006CBEF0 NtdllDefWindowProc_W,0_2_006CBEF0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A35FF0 AcquireSRWLockExclusive,ReleaseSRWLockExclusive,AcquireSRWLockExclusive,NtCancelIoFileEx,NtDeviceIoControlFile,RtlNtStatusToDosError,AcquireSRWLockExclusive,ReleaseSRWLockExclusive,AcquireSRWLockExclusive,ReleaseSRWLockExclusive,ReleaseSRWLockExclusive,RtlNtStatusToDosError,ReleaseSRWLockExclusive,12_2_00007FFB97A35FF0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A36F80 NtCancelIoFileEx,RtlNtStatusToDosError,12_2_00007FFB97A36F80
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A35FF0: AcquireSRWLockExclusive,ReleaseSRWLockExclusive,AcquireSRWLockExclusive,NtCancelIoFileEx,NtDeviceIoControlFile,RtlNtStatusToDosError,AcquireSRWLockExclusive,ReleaseSRWLockExclusive,AcquireSRWLockExclusive,ReleaseSRWLockExclusive,ReleaseSRWLockExclusive,RtlNtStatusToDosError,ReleaseSRWLockExclusive,12_2_00007FFB97A35FF0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll\WinDivert32.sysJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\471cd5.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1E4C.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1EBA.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1EEA.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F1A.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F5A.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI25E3.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2622.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{0A11F234-58BA-4824-8D87-1859270DECCC}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2F3B.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\471cd8.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\471cd8.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI1E4C.tmpJump to behavior
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008785200_2_00878520
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0082C7300_2_0082C730
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008308300_2_00830830
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006F53600_2_006F5360
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0081D3900_2_0081D390
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006B14900_2_006B1490
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006E1CB00_2_006E1CB0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00859E600_2_00859E60
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008820400_2_00882040
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008C45E00_2_008C45E0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006E25100_2_006E2510
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006FA5E00_2_006FA5E0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006F87E00_2_006F87E0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008789900_2_00878990
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008F4BE00_2_008F4BE0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006F0B100_2_006F0B10
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006E8C300_2_006E8C30
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006E4D430_2_006E4D43
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00820E900_2_00820E90
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_009072E90_2_009072E9
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008CB2000_2_008CB200
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007492900_2_00749290
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006B33E00_2_006B33E0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006E74100_2_006E7410
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006FF4A00_2_006FF4A0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_009015D00_2_009015D0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006DD6700_2_006DD670
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006D36700_2_006D3670
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007076800_2_00707680
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008797A00_2_008797A0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0086F8900_2_0086F890
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_009019300_2_00901930
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006B7A000_2_006B7A00
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00877C100_2_00877C10
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006F1D700_2_006F1D70
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008EBDAE0_2_008EBDAE
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007F1DB00_2_007F1DB0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00841E300_2_00841E30
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00819E600_2_00819E60
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00863FB00_2_00863FB0
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_0098A12C6_2_0098A12C
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_009A02306_2_009A0230
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_009A05906_2_009A0590
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_009975E96_2_009975E9
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_009987D36_2_009987D3
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_0096D7506_2_0096D750
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_0098B9B06_2_0098B9B0
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_00991ACD6_2_00991ACD
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_0099FBE46_2_0099FBE4
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_00993C1C6_2_00993C1C
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_009A5E996_2_009A5E99
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_00993FB56_2_00993FB5
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_00991F0C6_2_00991F0C
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_00995F506_2_00995F50
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF662708BD011_2_00007FF662708BD0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66270A34B11_2_00007FF66270A34B
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF662725C7011_2_00007FF662725C70
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF6627269D411_2_00007FF6627269D4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66272093811_2_00007FF662720938
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66270100011_2_00007FF662701000
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF662711BC011_2_00007FF662711BC0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66270A4E411_2_00007FF66270A4E4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66270AD1D11_2_00007FF66270AD1D
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF662712C8011_2_00007FF662712C80
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF662723C8011_2_00007FF662723C80
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66272648811_2_00007FF662726488
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66272093811_2_00007FF662720938
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF6627121D411_2_00007FF6627121D4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF662713A1411_2_00007FF662713A14
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66271815411_2_00007FF662718154
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF6627119B411_2_00007FF6627119B4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66271DACC11_2_00007FF66271DACC
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF662711FD011_2_00007FF662711FD0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66271880411_2_00007FF662718804
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66271DF6011_2_00007FF66271DF60
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66272979811_2_00007FF662729798
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF6627117B011_2_00007FF6627117B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF6627218E411_2_00007FF6627218E4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66272411C11_2_00007FF66272411C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66270987011_2_00007FF662709870
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF662711DC411_2_00007FF662711DC4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66271E5E011_2_00007FF66271E5E0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66271361011_2_00007FF662713610
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF662715DA011_2_00007FF662715DA0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF662725EEC11_2_00007FF662725EEC
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF662719F1011_2_00007FF662719F10
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66270A34B12_2_00007FF66270A34B
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF6627269D412_2_00007FF6627269D4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66270100012_2_00007FF662701000
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF662711BC012_2_00007FF662711BC0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF662708BD012_2_00007FF662708BD0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66270A4E412_2_00007FF66270A4E4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66270AD1D12_2_00007FF66270AD1D
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF662725C7012_2_00007FF662725C70
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF662712C8012_2_00007FF662712C80
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF662723C8012_2_00007FF662723C80
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66272648812_2_00007FF662726488
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66272093812_2_00007FF662720938
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF6627121D412_2_00007FF6627121D4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF662713A1412_2_00007FF662713A14
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66272093812_2_00007FF662720938
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66271815412_2_00007FF662718154
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF6627119B412_2_00007FF6627119B4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66271DACC12_2_00007FF66271DACC
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF662711FD012_2_00007FF662711FD0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66271880412_2_00007FF662718804
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66271DF6012_2_00007FF66271DF60
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66272979812_2_00007FF662729798
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF6627117B012_2_00007FF6627117B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF6627218E412_2_00007FF6627218E4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66272411C12_2_00007FF66272411C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66270987012_2_00007FF662709870
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF662711DC412_2_00007FF662711DC4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66271E5E012_2_00007FF66271E5E0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66271361012_2_00007FF662713610
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF662715DA012_2_00007FF662715DA0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF662725EEC12_2_00007FF662725EEC
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF662719F1012_2_00007FF662719F10
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB9785189012_2_00007FFB97851890
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB978512C012_2_00007FFB978512C0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB9798789012_2_00007FFB97987890
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A3B74012_2_00007FFB97A3B740
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979876C012_2_00007FFB979876C0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A8A6B012_2_00007FFB97A8A6B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A3369012_2_00007FFB97A33690
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB9798754012_2_00007FFB97987540
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A3459012_2_00007FFB97A34590
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979C456012_2_00007FFB979C4560
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB9799357012_2_00007FFB97993570
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979AF50012_2_00007FFB979AF500
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A8249012_2_00007FFB97A82490
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB9798848012_2_00007FFB97988480
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97AC146012_2_00007FFB97AC1460
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979873E012_2_00007FFB979873E0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A6634012_2_00007FFB97A66340
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979C238B12_2_00007FFB979C238B
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A4723012_2_00007FFB97A47230
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979D323012_2_00007FFB979D3230
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979BE28412_2_00007FFB979BE284
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979BE27D12_2_00007FFB979BE27D
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A2C28012_2_00007FFB97A2C280
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979BE28B12_2_00007FFB979BE28B
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979BE29212_2_00007FFB979BE292
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A3326012_2_00007FFB97A33260
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A721A012_2_00007FFB97A721A0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A8F21012_2_00007FFB97A8F210
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A6F18012_2_00007FFB97A6F180
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A820D012_2_00007FFB97A820D0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A770B012_2_00007FFB97A770B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979C20EB12_2_00007FFB979C20EB
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979BE08012_2_00007FFB979BE080
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97972FC712_2_00007FFB97972FC7
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A35FF012_2_00007FFB97A35FF0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A76F3012_2_00007FFB97A76F30
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979DEF8012_2_00007FFB979DEF80
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97990F9012_2_00007FFB97990F90
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A2BE3012_2_00007FFB97A2BE30
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A32DC012_2_00007FFB97A32DC0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97AC7DC012_2_00007FFB97AC7DC0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97AC1DA012_2_00007FFB97AC1DA0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97AADDA012_2_00007FFB97AADDA0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A92E0012_2_00007FFB97A92E00
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A25D6012_2_00007FFB97A25D60
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97991C3012_2_00007FFB97991C30
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97988C9012_2_00007FFB97988C90
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A3ABE012_2_00007FFB97A3ABE0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97ABFB9012_2_00007FFB97ABFB90
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97A33AF012_2_00007FFB97A33AF0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979928D012_2_00007FFB979928D0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97B43FE012_2_00007FFB97B43FE0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97B4668012_2_00007FFB97B46680
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97B43D2012_2_00007FFB97B43D20
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F154CF12_2_00007FFB97F154CF
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F14AC512_2_00007FFB97F14AC5
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1216C12_2_00007FFB97F1216C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F159F712_2_00007FFB97F159F7
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F14F3E12_2_00007FFB97F14F3E
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1638E12_2_00007FFB97F1638E
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1213512_2_00007FFB97F12135
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F153C112_2_00007FFB97F153C1
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB980B1AD012_2_00007FFB980B1AD0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB980C9B9012_2_00007FFB980C9B90
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F150AB12_2_00007FFB97F150AB
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F135FD12_2_00007FFB97F135FD
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F13A8512_2_00007FFB97F13A85
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1736A12_2_00007FFB97F1736A
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1725712_2_00007FFB97F17257
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F11D8312_2_00007FFB97F11D83
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1298212_2_00007FFB97F12982
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F11CFD12_2_00007FFB97F11CFD
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1383212_2_00007FFB97F13832
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1266C12_2_00007FFB97F1266C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F12D0B12_2_00007FFB97F12D0B
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F13BA212_2_00007FFB97F13BA2
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB9804601012_2_00007FFB98046010
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F172AC12_2_00007FFB97F172AC
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1162212_2_00007FFB97F11622
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1144C12_2_00007FFB97F1144C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1318912_2_00007FFB97F13189
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F11F9612_2_00007FFB97F11F96
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB9805117012_2_00007FFB98051170
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB9803D17012_2_00007FFB9803D170
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F3520012_2_00007FFB97F35200
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F2D26012_2_00007FFB97F2D260
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F168CA12_2_00007FFB97F168CA
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB980C93C012_2_00007FFB980C93C0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1710D12_2_00007FFB97F1710D
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F153A812_2_00007FFB97F153A8
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F144C612_2_00007FFB97F144C6
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F15BF012_2_00007FFB97F15BF0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1560F12_2_00007FFB97F1560F
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F15F1012_2_00007FFB97F15F10
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1428712_2_00007FFB97F14287
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1504712_2_00007FFB97F15047
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1551012_2_00007FFB97F15510
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F13A8F12_2_00007FFB97F13A8F
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F115C812_2_00007FFB97F115C8
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F154CA12_2_00007FFB97F154CA
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB980517A012_2_00007FFB980517A0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1656412_2_00007FFB97F16564
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1542F12_2_00007FFB97F1542F
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1129912_2_00007FFB97F11299
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F122AC12_2_00007FFB97F122AC
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1177B12_2_00007FFB97F1177B
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1275C12_2_00007FFB97F1275C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F14A5312_2_00007FFB97F14A53
Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\Secure\Installer\wse.exe 8D77A0AF88FAD3A00C61ED8FFD7A685753B516FEFB1F3A7B96860FEC6241897A
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe 8D77A0AF88FAD3A00C61ED8FFD7A685753B516FEFB1F3A7B96860FEC6241897A
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: String function: 00007FFB97F14057 appears 220 times
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: String function: 00007FFB97F1483B appears 40 times
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: String function: 00007FF662702910 appears 34 times
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: String function: 00007FFB97F11EF1 appears 505 times
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: String function: 00007FFB97AC0370 appears 567 times
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: String function: 00007FFB97F12A04 appears 87 times
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: String function: 00007FF662702710 appears 104 times
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: String function: 00007FFB97F12734 appears 123 times
Source: C:\Users\user\Desktop\setups.exeCode function: String function: 006B8720 appears 56 times
Source: C:\Users\user\Desktop\setups.exeCode function: String function: 008E3254 appears 39 times
Source: C:\Users\user\Desktop\setups.exeCode function: String function: 006BA7A0 appears 59 times
Source: C:\Users\user\Desktop\setups.exeCode function: String function: 00807E40 appears 32 times
Source: C:\Users\user\Desktop\setups.exeCode function: String function: 006B9240 appears 123 times
Source: C:\Users\user\Desktop\setups.exeCode function: String function: 006C3440 appears 35 times
Source: C:\Users\user\Desktop\setups.exeCode function: String function: 006BADE0 appears 66 times
Source: C:\Users\user\Desktop\setups.exeCode function: String function: 006BB300 appears 40 times
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: String function: 0098A47C appears 103 times
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: String function: 0098A840 appears 40 times
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: String function: 0098A4AF appears 72 times
Source: setups.exeStatic PE information: invalid certificate
Source: _overlapped.pyd.11.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.11.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.21.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.21.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.21.drStatic PE information: No import functions for PE file found
Source: python3.dll.11.drStatic PE information: No import functions for PE file found
Source: setups.exe, 00000000.00000000.1495404298.0000000000A45000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileNameusing python exe.exe4 vs setups.exe
Source: setups.exe, 00000000.00000003.1514769489.000000000958A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewininet.dllD vs setups.exe
Source: setups.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal100.bank.troj.adwa.evad.winEXE@47/412@22/11
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00818F40 FormatMessageW,GetLastError,0_2_00818F40
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0084DA00 GetDiskFreeSpaceExW,0_2_0084DA00
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00820210 CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,CloseHandle,0_2_00820210
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008668C0 CoCreateInstance,0_2_008668C0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006BA660 LoadResource,LockResource,SizeofResource,0_2_006BA660
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\SecureJump to behavior
Source: C:\Users\user\Desktop\setups.exeFile created: C:\Users\user\AppData\Roaming\SecureJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3976:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5848:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7232:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7872:120:WilError_03
Source: C:\Users\user\Desktop\setups.exeFile created: C:\Users\user\AppData\Local\Temp\shi196A.tmpJump to behavior
Source: setups.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\setups.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\setups.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: setups.exeReversingLabs: Detection: 42%
Source: setups.exeVirustotal: Detection: 44%
Source: C:\Users\user\Desktop\setups.exeFile read: C:\Users\user\Desktop\setups.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\setups.exe "C:\Users\user\Desktop\setups.exe"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6F02A3AA79145ED665DA8A00CBEE4BBB C
Source: C:\Users\user\Desktop\setups.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\Secure\Installer 5\install\using python exe.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\setups.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1737552950 "
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 4411FD9037671958950F8C5C5D45F5D3
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI1F5A.tmp "C:\Windows\Installer\MSI1F5A.tmp" https://telixsearch.com/thankyou
Source: C:\Windows\Installer\MSI1F5A.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://telixsearch.com/thankyou
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1896,i,14492340572804942828,11628157591585830071,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Secure\Installer\wse.exe "C:\Program Files (x86)\Secure\Installer\wse.exe"
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Program Files (x86)\Secure\Installer\wse.exe "C:\Program Files (x86)\Secure\Installer\wse.exe"
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Windows\System32\certutil.exe "C:\Windows\System32\certutil.exe" -addstore root C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy\mitmproxy-ca-cert.pem
Source: C:\Windows\System32\certutil.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\setups.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\Secure\Installer 5\install\using python exe.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\setups.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1737552950 " Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6F02A3AA79145ED665DA8A00CBEE4BBB CJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 4411FD9037671958950F8C5C5D45F5D3Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSI1F5A.tmp "C:\Windows\Installer\MSI1F5A.tmp" https://telixsearch.com/thankyouJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Secure\Installer\wse.exe "C:\Program Files (x86)\Secure\Installer\wse.exe"Jump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://telixsearch.com/thankyouJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1896,i,14492340572804942828,11628157591585830071,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Program Files (x86)\Secure\Installer\wse.exe "C:\Program Files (x86)\Secure\Installer\wse.exe"Jump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Windows\System32\certutil.exe "C:\Windows\System32\certutil.exe" -addstore root C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy\mitmproxy-ca-cert.pemJump to behavior
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\setups.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: davhlpr.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: lpk.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: msihnd.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: msisip.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Desktop\setups.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: msi.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: ieframe.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: version.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: msiso.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: slc.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: sppc.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: twext.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: edputil.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: secur32.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: mlang.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: wininet.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: libffi-7.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: libcrypto-1_1.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: libssl-1_1.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: propsys.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: edputil.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: slc.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: sppc.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: iconcodecservice.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\certutil.exeSection loaded: certcli.dll
Source: C:\Windows\System32\certutil.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\certutil.exeSection loaded: cryptui.dll
Source: C:\Windows\System32\certutil.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\certutil.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\certutil.exeSection loaded: ntdsapi.dll
Source: C:\Windows\System32\certutil.exeSection loaded: version.dll
Source: C:\Windows\System32\certutil.exeSection loaded: secur32.dll
Source: C:\Windows\System32\certutil.exeSection loaded: certca.dll
Source: C:\Windows\System32\certutil.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\certutil.exeSection loaded: samcli.dll
Source: C:\Windows\System32\certutil.exeSection loaded: logoncli.dll
Source: C:\Windows\System32\certutil.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\certutil.exeSection loaded: netutils.dll
Source: C:\Windows\System32\certutil.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\certutil.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\certutil.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\certutil.exeSection loaded: profapi.dll
Source: C:\Windows\System32\certutil.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\certutil.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\certutil.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libffi-7.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libcrypto-1_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libssl-1_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: iconcodecservice.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libffi-7.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libcrypto-1_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: libssl-1_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: iconcodecservice.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\setups.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: Google Drive.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: setups.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: setups.exeStatic file information: File size 26457696 > 1048576
Source: setups.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x2c7c00
Source: setups.exeStatic PE information: More than 200 imports for KERNEL32.dll
Source: setups.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: setups.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: setups.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: setups.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: setups.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: setups.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: setups.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: setups.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: wse.exe, 0000000C.00000002.3400065063.00007FFB9A14D000.00000002.00000001.01000000.0000002B.sdmp, wse.exe, 00000016.00000002.3391750184.00007FFB9638D000.00000002.00000001.01000000.00000050.sdmp
Source: Binary string: wininet.pdb source: setups.exe, 00000000.00000003.1514769489.000000000958A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: wse.exe, 0000000C.00000002.3402121443.00007FFBAB075000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: signToolcAToolsignToolCertcAToolCertISSUER_SIGN_TOOLv2i_issuer_sign_toolcrypto\x509\v3_ist.ci2r_issuer_sign_tool%*ssignTool : %*scATool : %*ssignToolCert: %*scAToolCert : compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: PKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excrypto\bio\bio_sock.cBIO_sock_initcalling wsastartup()BIO_socket_ioctlcalling ioctlsocket()i2d_ASN1_bio_streamcrypto\asn1\asn_mime.cB64_write_ASN1-----BEGIN %s----- source: wse.exe, 0000000C.00000002.3394003185.00007FFB97DF8000.00000002.00000001.01000000.00000021.sdmp, wse.exe, 00000016.00000002.3395666718.00007FFB96B78000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdbE source: MSI1F5A.tmp, 00000006.00000002.1543241105.00000000009B0000.00000002.00000001.01000000.00000009.sdmp, MSI1F5A.tmp, 00000006.00000000.1529983812.00000000009B0000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3404635060.00007FFBB4FAD000.00000002.00000001.01000000.00000013.sdmp, wse.exe, 00000015.00000003.1763872516.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: wse.exe, 0000000B.00000003.1623148169.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3409360517.00007FFBBC344000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\cryptography\cryptography\cryptography-38.0.4\src\rust\target\release\deps\cryptography_rust.pdb source: wse.exe, 0000000C.00000002.3403479212.00007FFBABAF9000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: wse.exe, 0000000B.00000003.1601274622.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3408703358.00007FFBBBE93000.00000002.00000001.01000000.0000001E.sdmp, wse.exe, 00000015.00000003.1765043502.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: wse.exe, 0000000C.00000002.3402121443.00007FFBAB075000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: wse.exe, 0000000B.00000003.1600171478.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3410204040.00007FFBC31D6000.00000002.00000001.01000000.0000001D.sdmp, wse.exe, 00000015.00000003.1764188985.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\divert-e69cc09cce3816a9036a409b325fa271ed5b348b\divert-e69cc09cce3816a9036a409b325fa271ed5b348b\install\WDDK\amd64\WinDivert.pdb source: wse.exe, 0000000B.00000003.1616504843.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: wse.exe, 0000000C.00000002.3407792126.00007FFBBB735000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: wse.exe, 0000000B.00000003.1597370527.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3405096046.00007FFBB5C2E000.00000002.00000001.01000000.00000012.sdmp, wse.exe, 00000015.00000003.1761682211.000001B52D8A5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\divert-e69cc09cce3816a9036a409b325fa271ed5b348b\divert-e69cc09cce3816a9036a409b325fa271ed5b348b\install\WDDK\i386\WinDivert.pdb source: wse.exe, 0000000B.00000003.1616171409.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wse.exe, 0000000B.00000003.1596143019.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3408356998.00007FFBBB8F5000.00000002.00000001.01000000.00000024.sdmp, wse.exe, 00000015.00000003.1760948740.000001B52D8A4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: wse.exe, 0000000B.00000003.1599660526.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1764082409.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: wse.exe, 0000000C.00000002.3394003185.00007FFB97DF8000.00000002.00000001.01000000.00000021.sdmp, wse.exe, 00000016.00000002.3395666718.00007FFB96B78000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: wse.exe, 0000000C.00000002.3395531409.00007FFB9815F000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: wse.exe, 0000000B.00000003.1600378040.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3409022663.00007FFBBC153000.00000002.00000001.01000000.00000017.sdmp, wse.exe, 00000015.00000003.1764305253.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\windivert1.3\divert-master\install\WDDK\amd64\WinDivert64.pdb source: wse.exe, 0000000B.00000003.1616657712.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: wse.exe, 0000000C.00000002.3410927607.00007FFBC320D000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: wse.exe, 0000000B.00000003.1598954241.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3407232240.00007FFBBB6A7000.00000002.00000001.01000000.00000020.sdmp, wse.exe, 00000015.00000003.1763722359.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: wse.exe, 0000000B.00000003.1599192052.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3404635060.00007FFBB4FAD000.00000002.00000001.01000000.00000013.sdmp, wse.exe, 00000015.00000003.1763872516.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: setups.exe, 00000000.00000000.1495289279.0000000000979000.00000002.00000001.01000000.00000003.sdmp, setups.exe, 00000000.00000002.1596380670.0000000000979000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: c:\divert-e69cc09cce3816a9036a409b325fa271ed5b348b\divert-e69cc09cce3816a9036a409b325fa271ed5b348b\install\WDDK\amd64\WinDivert.pdbH source: wse.exe, 0000000B.00000003.1616504843.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\windivert1.3\divert-master\install\WDDK\i386\WinDivert32.pdb source: wse.exe, 0000000B.00000003.1616370008.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: wse.exe, 0000000C.00000002.3395531409.00007FFB9815F000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wse.exe, 0000000B.00000003.1595745027.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3405842854.00007FFBB5DA1000.00000002.00000001.01000000.0000000E.sdmp, wse.exe, 00000015.00000003.1760810415.000001B52D8A4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: wse.exe, 0000000C.00000002.3405503118.00007FFBB5CC1000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: wse.exe, 0000000C.00000002.3407792126.00007FFBBB735000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: wse.exe, 0000000C.00000002.3402635439.00007FFBAB115000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: wse.exe, 0000000B.00000003.1617275905.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3409919234.00007FFBBCF52000.00000002.00000001.01000000.0000000F.sdmp, wse.exe, 00000016.00000002.3410306970.00007FFBC3152000.00000002.00000001.01000000.00000034.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: wse.exe, 0000000B.00000003.1600858559.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3404258568.00007FFBB4C49000.00000002.00000001.01000000.00000014.sdmp, wse.exe, 00000015.00000003.1764659966.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000016.00000002.3405888108.00007FFBA9979000.00000002.00000001.01000000.00000039.sdmp
Source: Binary string: wininet.pdbUGP source: setups.exe, 00000000.00000003.1514769489.000000000958A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: wse.exe, 0000000C.00000002.3400065063.00007FFB9A14D000.00000002.00000001.01000000.0000002B.sdmp, wse.exe, 00000016.00000002.3391750184.00007FFB9638D000.00000002.00000001.01000000.00000050.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: wse.exe, 0000000B.00000003.1596315134.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3410543702.00007FFBC31E7000.00000002.00000001.01000000.0000001C.sdmp, wse.exe, 00000015.00000003.1761035350.000001B52D8A4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: wse.exe, 0000000B.00000003.1623830950.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 0000000C.00000002.3391907797.00007FFB9795C000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: wse.exe, 0000000C.00000002.3398568249.00007FFB99873000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\a\mitmproxy_wireguard\mitmproxy_wireguard\target\release\deps\mitmproxy_wireguard.pdb source: wse.exe, 0000000C.00000002.3393177284.00007FFB97AC9000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: MSI1F5A.tmp, 00000006.00000002.1543241105.00000000009B0000.00000002.00000001.01000000.00000009.sdmp, MSI1F5A.tmp, 00000006.00000000.1529983812.00000000009B0000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: challengeNETSCAPE_SPKACspkacsig_algorcrypto\bn\bn_exp.cBN_mod_exp_recpBN_mod_exp_mont_wordX509V3_EXT_nconf_intcrypto\x509\v3_conf.csection=%s, name=%s, value=%sdo_ext_nconfname=%s,section=%sdo_ext_i2dX509V3_EXT_i2dcritical,DER:ASN1:v3_generic_extensionvalue=%sX509V3_get_sectioncrypto\x509\v3_lib.cX509V3_add1_i2dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.0.7built on: Fri Nov 25 00:13:15 2022 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot available source: wse.exe, 0000000C.00000002.3394003185.00007FFB97DF8000.00000002.00000001.01000000.00000021.sdmp, wse.exe, 00000016.00000002.3395666718.00007FFB96B78000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: wse.exe, 0000000C.00000002.3395531409.00007FFB981E1000.00000002.00000001.01000000.0000001A.sdmp
Source: setups.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: setups.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: setups.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: setups.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: setups.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: shi196A.tmp.0.drStatic PE information: 0xC7FEC470 [Wed Apr 29 05:06:56 2076 UTC]
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0082C730 SHGetFolderPathW,GetSystemDirectoryW,GetWindowsDirectoryW,GetWindowsDirectoryW,GetModuleFileNameW,SHGetSpecialFolderLocation,LoadLibraryW,GetProcAddress,GetEnvironmentVariableW,SHGetPathFromIDListW,SHGetMalloc,0_2_0082C730
Source: setups.exeStatic PE information: section name: .didat
Source: setups.exeStatic PE information: section name: .fptable
Source: shi196A.tmp.0.drStatic PE information: section name: .wpp_sf
Source: shi196A.tmp.0.drStatic PE information: section name: .didat
Source: MSI1A17.tmp.0.drStatic PE information: section name: .fptable
Source: MSI1AB4.tmp.0.drStatic PE information: section name: .fptable
Source: MSI1B03.tmp.0.drStatic PE information: section name: .fptable
Source: pre1B43.tmp.0.drStatic PE information: section name: .didat
Source: pre1B43.tmp.0.drStatic PE information: section name: .fptable
Source: MSI1E4C.tmp.2.drStatic PE information: section name: .fptable
Source: MSI1EBA.tmp.2.drStatic PE information: section name: .fptable
Source: MSI1EEA.tmp.2.drStatic PE information: section name: .fptable
Source: MSI1F1A.tmp.2.drStatic PE information: section name: .fptable
Source: MSI1F5A.tmp.2.drStatic PE information: section name: .fptable
Source: MSI25E3.tmp.2.drStatic PE information: section name: .fptable
Source: MSI2622.tmp.2.drStatic PE information: section name: .didat
Source: MSI2622.tmp.2.drStatic PE information: section name: .fptable
Source: libcrypto-1_1.dll.11.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.11.drStatic PE information: section name: .00cfg
Source: VCRUNTIME140.dll.11.drStatic PE information: section name: _RDATA
Source: _imagingft.cp39-win_amd64.pyd.11.drStatic PE information: section name: _RDATA
Source: VCRUNTIME140.dll.21.drStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.21.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.21.drStatic PE information: section name: .00cfg
Source: _imagingft.cp39-win_amd64.pyd.21.drStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.25.drStatic PE information: section name: .00cfg
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007F2710 push ecx; mov dword ptr [esp], 3F800000h0_2_007F286C
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006F2F7B push 8BFFFFFEh; iretd 0_2_006F2F8C
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008E389A push ecx; ret 0_2_008E38AD
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006CFDE0 push ecx; mov dword ptr [esp], ecx0_2_006CFDE1
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_0098A459 push ecx; ret 6_2_0098A46C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB979855C2 push r8; ret 12_2_00007FFB979855C4

Persistence and Installation Behavior

barindex
Drops executables to the windows directory (C:\Windows) and starts them
Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSI1F5A.tmpJump to behavior
Found pyInstaller with non standard icon
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: "C:\Program Files (x86)\Secure\Installer\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Installs new ROOT certificates
Source: C:\Windows\System32\certutil.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\67E19D9AC30690B9C486E84843F8283822E54FA4 Blob
Sample is not signed and drops a device driver
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll\WinDivert32.sysJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll\WinDivert64.sysJump to behavior
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\pydivert\windivert_dll\WinDivert32.sys
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\pydivert\windivert_dll\WinDivert64.sys
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\pydivert\windivert_dll\WinDivert32.sys
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\pydivert\windivert_dll\WinDivert64.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1EBA.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_overlapped.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_decimal.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\markupsafe\_speedups.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Secure\Installer\wse.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\charset_normalizer\md.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\PIL\_imagingft.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\PIL\_imaging.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_ctypes.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_overlapped.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\pydivert\windivert_dll\WinDivert64.sysJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_hashlib.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\VCRUNTIME140.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_asyncio.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\PIL\_imagingmath.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\tornado\speedups.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_uuid.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\charset_normalizer\md.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_imagingft.cp39-win_amd64.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1E4C.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\MSVCP140.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_imaging.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_cffi_backend.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\markupsafe\_speedups.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\zstandard\_cffi.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\pydivert\windivert_dll\WinDivert64.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_cffi_backend.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_ruamel_yaml.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_cffi_backend.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_socket.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\zstandard\_cffi.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\pydivert\windivert_dll\WinDivert32.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\select.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\select.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\zstandard\backend_c.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\mitmproxy_wireguard\mitmproxy_wireguard.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_brotli.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\msgpack\_cmsgpack.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\PIL\_imaging.cp39-win_amd64.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F1A.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\msgpack\_cmsgpack.cp39-win_amd64.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI25E3.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\zstandard\_cffi.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_decimal.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_brotli.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_decimal.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_webp.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\tornado\speedups.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\msgpack\_cmsgpack.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\python3.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\python3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\charset_normalizer\md.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_brotli.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_uuid.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_bz2.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\pyexpat.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_ruamel_yaml.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\PIL\_webp.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy_wireguard\mitmproxy_wireguard.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\tornado\speedups.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\charset_normalizer\md__mypyc.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_imagingtk.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\PIL\_imagingtk.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_elementtree.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_ruamel_yaml.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_imagingcms.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\unicodedata.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\python3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\PIL\_imagingcms.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\pydivert\windivert_dll\WinDivert32.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\libffi-7.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\PIL\_imagingcms.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll\WinDivert32.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\MSVCP140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\mitmproxy_wireguard\mitmproxy_wireguard.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_ctypes.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_hashlib.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_asyncio.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_uuid.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\setups.exeFile created: C:\Users\user\AppData\Local\Temp\MSI1A17.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\PIL\_imagingtk.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_ssl.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\MSVCP140.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\PIL\_imagingft.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\select.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\PIL\_webp.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\charset_normalizer\md__mypyc.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_ssl.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\pyexpat.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\python39.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_ssl.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\zstandard\backend_c.cp39-win_amd64.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1EEA.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\pydivert\windivert_dll\WinDivert32.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\python39.dllJump to dropped file
Source: C:\Users\user\Desktop\setups.exeFile created: C:\Users\user\AppData\Local\Temp\MSI1B03.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_elementtree.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\markupsafe\_speedups.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\pydivert\windivert_dll\WinDivert64.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\python39.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_overlapped.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2622.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\charset_normalizer\md__mypyc.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\pyexpat.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\libssl-1_1.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_imagingmath.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\setups.exeFile created: C:\Users\user\AppData\Local\Temp\MSI1AB4.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll\WinDivert64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\PIL\_imagingmath.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_hashlib.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\pydivert\windivert_dll\WinDivert64.dllJump to dropped file
Source: C:\Users\user\Desktop\setups.exeFile created: C:\Users\user\AppData\Local\Temp\shi196A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\pydivert\windivert_dll\WinDivert32.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_bz2.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll\WinDivert64.sysJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\unicodedata.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\libffi-7.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\zstandard\backend_c.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\_ctypes.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll\WinDivert32.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\libffi-7.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\setups.exeFile created: C:\Users\user\AppData\Local\Temp\pre1B43.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\_elementtree.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F5A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\unicodedata.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1EBA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1EEA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F1A.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2622.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI25E3.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1E4C.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F5A.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\MarkupSafe-3.0.2.dist-info\LICENSE.txtJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\itsdangerous-2.2.0.dist-info\LICENSE.txtJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI72362\werkzeug-3.1.3.dist-info\LICENSE.txtJump to behavior
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\MarkupSafe-3.0.2.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\itsdangerous-2.2.0.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI52322\werkzeug-3.1.3.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\MarkupSafe-3.0.2.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\itsdangerous-2.2.0.dist-info\LICENSE.txt
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI77962\werkzeug-3.1.3.dist-info\LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WSE_DriverJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WSE_DriverJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF662705820 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,11_2_00007FF662705820
Source: C:\Users\user\Desktop\setups.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\743AF0529BD032A0F44A83CDD4BAA97B7C2EC49A BlobJump to behavior
Source: C:\Users\user\Desktop\setups.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\Installer\MSI1F5A.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97B41020 rdtsc 12_2_00007FFB97B41020
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_overlapped.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\markupsafe\_speedups.cp39-win_amd64.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1EBA.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_decimal.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\charset_normalizer\md.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\PIL\_imagingft.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\PIL\_imaging.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\pydivert\windivert_dll\WinDivert64.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_overlapped.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_ctypes.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_hashlib.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_asyncio.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\PIL\_imagingmath.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\tornado\speedups.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_uuid.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_imagingft.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\charset_normalizer\md.cp39-win_amd64.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1E4C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_cffi_backend.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\markupsafe\_speedups.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_imaging.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\zstandard\_cffi.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\pydivert\windivert_dll\WinDivert64.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_cffi_backend.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_ruamel_yaml.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_cffi_backend.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_queue.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\zstandard\_cffi.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\pydivert\windivert_dll\WinDivert32.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\select.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\select.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\zstandard\backend_c.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\mitmproxy_wireguard\mitmproxy_wireguard.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_brotli.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\msgpack\_cmsgpack.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_lzma.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_lzma.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\PIL\_imaging.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\msgpack\_cmsgpack.cp39-win_amd64.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1F1A.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_socket.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI25E3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\zstandard\_cffi.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_decimal.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_brotli.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_decimal.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\msgpack\_cmsgpack.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\tornado\speedups.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_webp.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\python3.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\python3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\charset_normalizer\md.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_brotli.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_uuid.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_bz2.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\pyexpat.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_ruamel_yaml.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\PIL\_webp.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy_wireguard\mitmproxy_wireguard.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\charset_normalizer\md__mypyc.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\tornado\speedups.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_imagingtk.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_elementtree.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\PIL\_imagingtk.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_ruamel_yaml.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_imagingcms.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\unicodedata.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\python3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\PIL\_imagingcms.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_queue.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_socket.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\pydivert\windivert_dll\WinDivert32.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\PIL\_imagingcms.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll\WinDivert32.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_hashlib.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\mitmproxy_wireguard\mitmproxy_wireguard.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_ctypes.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_asyncio.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_uuid.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\setups.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI1A17.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\PIL\_imagingtk.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_ssl.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\PIL\_imagingft.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\select.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\PIL\_webp.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\charset_normalizer\md__mypyc.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_ssl.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\pyexpat.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\python39.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_ssl.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\zstandard\backend_c.cp39-win_amd64.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1EEA.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\pydivert\windivert_dll\WinDivert32.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\python39.dllJump to dropped file
Source: C:\Users\user\Desktop\setups.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI1B03.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\markupsafe\_speedups.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\pydivert\windivert_dll\WinDivert64.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\python39.dllJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_elementtree.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_overlapped.pydJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2622.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\charset_normalizer\md__mypyc.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\pyexpat.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_imagingmath.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\setups.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI1AB4.tmpJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll\WinDivert64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\PIL\_imagingmath.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_hashlib.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\pydivert\windivert_dll\WinDivert64.dllJump to dropped file
Source: C:\Users\user\Desktop\setups.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi196A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\pydivert\windivert_dll\WinDivert32.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_bz2.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\unicodedata.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll\WinDivert64.sysJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\zstandard\backend_c.cp39-win_amd64.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\_ctypes.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll\WinDivert32.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI77962\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\setups.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\pre1B43.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\_elementtree.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\unicodedata.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52322\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\setups.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-63528
Source: C:\Windows\Installer\MSI1F5A.tmpAPI coverage: 3.4 %
Source: C:\Program Files (x86)\Secure\Installer\wse.exeAPI coverage: 1.2 %
Source: C:\Program Files (x86)\Secure\Installer\wse.exe TID: 7196Thread sleep count: 154 > 30Jump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exe TID: 7196Thread sleep time: -154000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe TID: 8104Thread sleep count: 151 > 30
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe TID: 8104Thread sleep time: -151000s >= -30000s
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe TID: 7992Thread sleep count: 143 > 30
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe TID: 7992Thread sleep time: -143000s >= -30000s
Source: C:\Program Files (x86)\Secure\Installer\wse.exeLast function: Thread delayed
Source: C:\Program Files (x86)\Secure\Installer\wse.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\setups.exeFile Volume queried: C:\Users\user\AppData\Roaming FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeFile Volume queried: C:\Users\user\AppData\Roaming\Secure\Installer 5\install FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeFile Volume queried: C:\Users\user\AppData\Roaming\Secure\Installer 5\install FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00815BA0 FindFirstFileW,GetLastError,FindClose,0_2_00815BA0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0084C5B0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,0_2_0084C5B0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00824840 FindFirstFileW,FindClose,FindClose,0_2_00824840
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0084CA30 FindFirstFileW,FindClose,0_2_0084CA30
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00815270 FindFirstFileW,FindFirstFileW,FindClose,FindClose,0_2_00815270
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006D54C0 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,0_2_006D54C0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_007F77A0 FindFirstFileW,FindNextFileW,FindClose,0_2_007F77A0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00841E30 FindFirstFileW,FindClose,CloseHandle,CloseHandle,0_2_00841E30
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0083BE70 FindFirstFileW,FindClose,0_2_0083BE70
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_009A1CA0 FindFirstFileExW,6_2_009A1CA0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF6627092F0 FindFirstFileExW,FindClose,11_2_00007FF6627092F0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF6627083B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,11_2_00007FF6627083B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF6627218E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,11_2_00007FF6627218E4
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF6627092F0 FindFirstFileExW,FindClose,12_2_00007FF6627092F0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF6627083B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,12_2_00007FF6627083B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF6627218E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,12_2_00007FF6627218E4
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006F4BB0 GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLastError,0_2_006F4BB0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008DF573 VirtualQuery,GetSystemInfo,0_2_008DF573
Source: wse.exe, 0000000B.00000003.1602532586.000001A9B25D6000.00000004.00000020.00020000.00000000.sdmp, wse.exe, 00000015.00000003.1766469324.000001B52D8A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: wse.exe, 00000016.00000002.3367305691.0000025A29400000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWbj t%SystemRoot%\system32\mswsock.dll
Source: wse.exe, 0000000C.00000002.3372761233.00000281CCB70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @author: David Shaw, shawd@vmware.com
Source: wse.exe, 0000000C.00000002.3380179128.00000281CDDC3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94
Source: wse.exe, 0000000C.00000002.3364857147.00000281C9E80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

barindex
Potentially malicious time measurement code found
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97B413B012_2_00007FFB97B413B0
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97B4135012_2_00007FFB97B41350
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1572C12_2_00007FFB97F1572C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F1424112_2_00007FFB97F14241
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97B41020 rdtsc 12_2_00007FFB97B41020
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008E81B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008E81B3
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0080F1A0 GetLocalTime,CreateFileW,GetLastError,OutputDebugStringW,OutputDebugStringW,SetFilePointer,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,0_2_0080F1A0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0082C730 SHGetFolderPathW,GetSystemDirectoryW,GetWindowsDirectoryW,GetWindowsDirectoryW,GetModuleFileNameW,SHGetSpecialFolderLocation,LoadLibraryW,GetProcAddress,GetEnvironmentVariableW,SHGetPathFromIDListW,SHGetMalloc,0_2_0082C730
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008E294E mov esi, dword ptr fs:[00000030h]0_2_008E294E
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008E29BA GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,0_2_008E29BA
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\Secure\Installer\wse.exe "C:\Program Files (x86)\Secure\Installer\wse.exe"Jump to behavior
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006F4B60 __set_se_translator,SetUnhandledExceptionFilter,0_2_006F4B60
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008E81B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008E81B3
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008E343E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_008E343E
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00701A50 __set_se_translator,SetUnhandledExceptionFilter,0_2_00701A50
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_0098A631 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_0098A631
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_0098E67B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_0098E67B
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_0098A7C5 SetUnhandledExceptionFilter,6_2_0098A7C5
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_00989C9D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00989C9D
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66270D37C SetUnhandledExceptionFilter,11_2_00007FF66270D37C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66270D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF66270D19C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66270C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00007FF66270C910
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF66271A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF66271A684
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66270D37C SetUnhandledExceptionFilter,12_2_00007FF66270D37C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66270D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF66270D19C
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66270C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00007FF66270C910
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FF66271A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF66271A684
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97853568 SetUnhandledExceptionFilter,12_2_00007FFB97853568
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97853380 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FFB97853380
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97852A04 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00007FFB97852A04
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 12_2_00007FFB97F15A1F IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FFB97F15A1F
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_00967B10 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,GetProcessId,AllowSetForegroundWindow,GetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,AttachThreadInput,Sleep,GetProcessId,Sleep,EnumWindows,BringWindowToTop,WaitForSingleObject,GetExitCodeProcess,6_2_00967B10
Source: C:\Windows\Installer\MSI1F5A.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://telixsearch.com/thankyouJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Program Files (x86)\Secure\Installer\wse.exe "C:\Program Files (x86)\Secure\Installer\wse.exe"Jump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeProcess created: C:\Windows\System32\certutil.exe "C:\Windows\System32\certutil.exe" -addstore root C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy\mitmproxy-ca-cert.pemJump to behavior
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe "C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exe"
Source: C:\Users\user\AppData\Local\Apps\WSE_Driver\wse.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\setups.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\secure\installer 5\install\using python exe.msi" ai_setupexepath=c:\users\user\desktop\setups.exe setupexedir=c:\users\user\desktop\ exe_cmd_line="/exenoupdates /forcecleanup /wintime 1737552950 "
Source: C:\Users\user\Desktop\setups.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\secure\installer 5\install\using python exe.msi" ai_setupexepath=c:\users\user\desktop\setups.exe setupexedir=c:\users\user\desktop\ exe_cmd_line="/exenoupdates /forcecleanup /wintime 1737552950 " Jump to behavior
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00810490 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,GetLastError,CloseHandle,0_2_00810490
Source: C:\Program Files (x86)\Secure\Installer\wse.exeCode function: 11_2_00007FF6627295E0 cpuid 11_2_00007FF6627295E0
Source: C:\Users\user\Desktop\setups.exeCode function: GetLocaleInfoW,GetLocaleInfoW,0_2_00844220
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: GetLocaleInfoW,6_2_009A51F0
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: EnumSystemLocalesW,6_2_0099F222
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: GetLocaleInfoEx,6_2_009893DC
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_009A5315
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_009A54F7
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: GetLocaleInfoW,6_2_009A541B
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: GetLocaleInfoW,6_2_0099F750
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: GetLocaleInfoEx,FormatMessageA,6_2_00972A11
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: GetACP,IsValidCodePage,GetLocaleInfoW,6_2_009A4B54
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: EnumSystemLocalesW,6_2_009A4EF9
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: EnumSystemLocalesW,6_2_009A4E13
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: EnumSystemLocalesW,6_2_009A4E5E
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_009A4F90
Source: C:\Users\user\Desktop\setups.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\MarkupSafe-3.0.2.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\MarkupSafe-3.0.2.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\MarkupSafe-3.0.2.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\MarkupSafe-3.0.2.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\MarkupSafe-3.0.2.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\attrs-24.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\attrs-24.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\attrs-24.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\attrs-24.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\certifi VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\charset_normalizer VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\h2-4.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\h2-4.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\h2-4.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\h2-4.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\importlib_metadata-8.5.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\importlib_metadata-8.5.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\importlib_metadata-8.5.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\importlib_metadata-8.5.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\importlib_metadata-8.5.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\itsdangerous-2.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\itsdangerous-2.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\itsdangerous-2.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\itsdangerous-2.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp\static\images VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp\templates VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp\templates\icons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp\templates VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp\templates\icons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp\templates VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp\templates\icons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp\templates VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp\templates VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy\addons\onboardingapp\templates VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\publicsuffix2 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\publicsuffix2 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\pydivert\windivert_dll VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\setuptools-58.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\setuptools-58.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\setuptools-58.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\setuptools-58.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\setuptools-58.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\setuptools-58.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\setuptools-58.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\werkzeug-3.1.3.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\werkzeug-3.1.3.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\werkzeug-3.1.3.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\werkzeug-3.1.3.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\zstandard VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\_ctypes.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\.mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\markupsafe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\_socket.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\select.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\pyexpat.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\_queue.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\base_library.zip VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\attrs-24.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\werkzeug-3.1.3.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\werkzeug-3.1.3.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\setuptools-58.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\setuptools-58.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\itsdangerous-2.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\importlib_metadata-8.5.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\h2-4.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\attrs-24.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography-38.0.4.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\h2-4.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\itsdangerous-2.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\werkzeug-3.1.3.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\werkzeug-3.1.3.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\MarkupSafe-3.0.2.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\MarkupSafe-3.0.2.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\itsdangerous-2.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\itsdangerous-2.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\importlib_metadata-8.5.0.dist-info VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\PIL\_imaging.cp39-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\_asyncio.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\_overlapped.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\mitmproxy VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362 VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\_uuid.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat\bindings VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat\bindings\_rust.pyd VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Program Files (x86)\Secure\Installer\wse.exe VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Secure\Installer\wse.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI72362\cryptography\hazmat VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_0085B4E0 CreateNamedPipeW,CreateFileW,0_2_0085B4E0
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_008E405E GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_008E405E
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_00859E60 GetUserNameW,GetLastError,GetUserNameW,GetEnvironmentVariableW,GetEnvironmentVariableW,RegDeleteValueW,RegCloseKey,RegQueryInfoKeyW,RegCloseKey,RegCloseKey,RegDeleteKeyW,RegCloseKey,RegDeleteValueW,RegCloseKey,0_2_00859E60
Source: C:\Windows\Installer\MSI1F5A.tmpCode function: 6_2_0099FBE4 GetTimeZoneInformation,6_2_0099FBE4
Source: C:\Users\user\Desktop\setups.exeCode function: 0_2_006B7A00 GetVersionExW,GetVersionExW,IsProcessorFeaturePresent,0_2_006B7A00
Source: C:\Users\user\Desktop\setups.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\Desktop\setups.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\743AF0529BD032A0F44A83CDD4BAA97B7C2EC49A BlobJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		2
Native API		1
DLL Side-Loading		1
Exploitation for Privilege Escalation		2
Disable or Modify Tools		1
Network Sniffing		2
System Time Discovery		Remote Services1
Archive Collected Data		3
Ingress Tool Transfer		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Command and Scripting Interpreter		1
Windows Service		1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		LSASS Memory11
Peripheral Device Discovery		Remote Desktop Protocol2
Browser Session Hijacking		21
Encrypted Channel		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt11
Registry Run Keys / Startup Folder		1
Windows Service		2
Obfuscated Files or Information		Security Account Manager1
Account Discovery		SMB/Windows Admin SharesData from Network Shared Drive4
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook12
Process Injection		2
Install Root Certificate		NTDS3
File and Directory Discovery		Distributed Component Object ModelInput Capture5
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script11
Registry Run Keys / Startup Folder		1
Timestomp		LSA Secrets1
Network Sniffing		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading		Cached Domain Credentials37
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
File Deletion		DCSync141
Security Software Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job122
Masquerading		Proc Filesystem1
Virtualization/Sandbox Evasion		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
Modify Registry		/etc/passwd and /etc/shadow2
Process Discovery		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
Virtualization/Sandbox Evasion		Network Sniffing1
System Owner/User Discovery		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd12
Process Injection		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1596772 Sample: setups.exe Startdate: 22/01/2025 Architecture: WINDOWS Score: 100 91 ocsps.ssl.com 2->91 93 domainmxx6.cfd 2->93 109 Antivirus detection for URL or domain 2->109 111 Multi AV Scanner detection for dropped file 2->111 113 Multi AV Scanner detection for submitted file 2->113 115 5 other signatures 2->115 10 msiexec.exe 85 38 2->10         started        14 wse.exe 2->14         started        16 wse.exe 2->16         started        18 setups.exe 28 2->18         started        signatures3 process4 file5 73 C:\Windows\Installer\MSI2622.tmp, PE32 10->73 dropped 75 C:\Windows\Installer\MSI25E3.tmp, PE32 10->75 dropped 77 C:\Windows\Installer\MSI1F5A.tmp, PE32 10->77 dropped 83 5 other malicious files 10->83 dropped 125 Drops executables to the windows directory (C:\Windows) and starts them 10->125 20 wse.exe 153 10->20         started        24 MSI1F5A.tmp 2 16 10->24         started        26 msiexec.exe 10->26         started        28 msiexec.exe 10->28         started        85 49 other files (42 malicious) 14->85 dropped 127 Multi AV Scanner detection for dropped file 14->127 129 Sample is not signed and drops a device driver 14->129 131 Found pyInstaller with non standard icon 14->131 30 wse.exe 14->30         started        79 C:\Users\...\backend_c.cp39-win_amd64.pyd, PE32+ 16->79 dropped 87 48 other files (41 malicious) 16->87 dropped 32 wse.exe 16->32         started        81 C:\Users\user\AppData\Local\...\pre1B43.tmp, PE32 18->81 dropped 89 4 other files (3 malicious) 18->89 dropped 34 msiexec.exe 4 18->34         started        signatures6 process7 file8 63 C:\Users\...\backend_c.cp39-win_amd64.pyd, PE32+ 20->63 dropped 65 C:\Users\user\...\_cffi.cp39-win_amd64.pyd, PE32+ 20->65 dropped 67 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 20->67 dropped 69 47 other files (40 malicious) 20->69 dropped 117 Sample is not signed and drops a device driver 20->117 36 wse.exe 2 8 20->36         started        41 chrome.exe 9 24->41         started        43 cmd.exe 30->43         started        45 cmd.exe 32->45         started        signatures9 process10 dnsIp11 95 ocsps.ssl.com 18.173.205.113, 49747, 80 MIT-GATEWAYSUS United States 36->95 97 127.0.0.1 unknown unknown 36->97 71 C:\Users\user\AppData\Local\Apps\...\wse.exe, PE32+ 36->71 dropped 119 Registers a new ROOT certificate 36->119 121 Sets a proxy for the internet explorer 36->121 123 Enables a proxy for the internet explorer 36->123 47 certutil.exe 36->47         started        50 cmd.exe 36->50         started        99 192.168.2.8, 137, 138, 443 unknown unknown 41->99 101 239.255.255.250 unknown Reserved 41->101 52 chrome.exe 41->52         started        55 conhost.exe 43->55         started        57 conhost.exe 45->57         started        file12 signatures13 process14 dnsIp15 133 Installs new ROOT certificates 47->133 59 conhost.exe 47->59         started        61 conhost.exe 50->61         started        103 www.google.com 142.250.186.36, 443, 49720, 49755 GOOGLEUS United States 52->103 105 a.nel.cloudflare.com 35.190.80.1, 443, 49725, 49730 GOOGLEUS United States 52->105 107 6 other IPs or domains 52->107 signatures16 process17

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.