Windows Analysis Report
wcz289366876a.exe

Overview

General Information

Sample name:	wcz289366876a.exe
Analysis ID:	1562223
MD5:	e3693d3a0b2bf09076ea7c22a688b82b
SHA1:	706c884385d7eccaa9fc2d2f2e0a96a2cbce7117
SHA256:	35452979315434b7c86b41924800c16604facf528f828b6164ff2cc58a823dcb
Tags:	exemalwaretrojanuser-Joker
Infos:

Detection

Score:	28
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Uses known network protocols on non-standard ports

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Classification

Signatures

Source: wcz289366876a.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: d~/.pdbrcoperty source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_elementtree.pdb source: wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d.pdbrc source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ~/.pdbrc source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wcz289366876a.exe, 00000000.00000003.2157023110.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: placed in the .pdbrc file): source: wcz289366876a.exe, 00000003.00000002.3422683787.000002115768A000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422683787.000002115761F000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.0000021157595000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: wcz289366876a.exe, 00000000.00000003.2157023110.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pdb.Pdb source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: -c are executed after commands from .pdbrc files. source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: If a file ".pdbrc" exists in your home directory or in the current source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.0000021157595000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.00000211575BB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wcz289366876a.exe, 00000000.00000003.2157261471.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpdb.Pdb source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Initial commands are read from .pdbrc files in your home directory source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422683787.000002115761F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbrc source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\opencv-python\opencv-python\_skbuild\win-amd64-3.9\cmake-build\lib\python3\Release\cv2.pdb source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD90B6A000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: wcz289366876a.exe, 00000003.00000002.3420357783.0000021155E70000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: The standard debugger class (pdb.Pdb) is an example. source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: wcz289366876a.exe, 00000000.00000003.2157261471.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A09280 FindFirstFileExW,FindClose,	0_2_00007FF7E2A09280
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF7E2A083C0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF7E2A21874
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A09280 FindFirstFileExW,FindClose,	3_2_00007FF7E2A09280
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	3_2_00007FF7E2A083C0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	3_2_00007FF7E2A21874

Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI62282\	Jump to behavior

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 48080

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.6:49739 -> 20.2.164.27:48080

Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27

Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive

Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:4444
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:4444/wd/hub
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420455313.00000211560A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://198.0.0.1:4444/wd/hub
Source: wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://20.2.164.27:48080/admin-api/ore/auth/getAuth
Source: wcz289366876a.exe, 00000003.00000002.3426686949.000002115E690000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://20.2.164.27:48080/admin-api/ore/config/getConf
Source: wcz289366876a.exe, 00000003.00000002.3426686949.000002115E690000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://20.2.164.27:48080/admin-api/ore/config/getConf0-j
Source: wcz289366876a.exe, 00000003.00000002.3426686949.000002115E690000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://20.2.164.27:48080/admin-api/ore/config/getConfp
Source: wcz289366876a.exe, 00000003.00000002.3426686949.000002115E690000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://20.2.164.27:48080/admin-api/ore/config/getConfpRq
Source: wcz289366876a.exe, 00000003.00000002.3420279193.0000021155D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://43.199.41.35:8080/wcz289366876a.exe
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://43.199.41.35:8080/windows.zip
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.co
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://caffe.berkeleyvision.org
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://caffe.berkeleyvision.org/)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://campar.in.tum.de/Chair/HandEyeCalibration).
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2316325695.00000211560B7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420455313.00000211560A9000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.00000211564E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: wcz289366876a.exe, 00000003.00000003.2316104775.00000211563BE000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420455313.0000021155FA0000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2315585576.0000021156417000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2315649530.00000211563AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlV
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlCFZ
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeS
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: wcz289366876a.exe, 00000003.00000003.2318288450.0000021156559000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/unittest.html
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar.tar.gz
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar.tgz
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2345099835.0000021156525000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: wcz289366876a.exe, 00000003.00000002.3420455313.00000211560A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/f
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://homepages.inf.ed.ac.uk/rbf/HIPR2/hough.htm
Source: wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es38
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: wcz289366876a.exe, 00000003.00000002.3421193749.00000211567E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422683787.000002115761F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tip.tcl.tk/48)
Source: wcz289366876a.exe, 00000003.00000003.2345288275.000002115702B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421821788.000002115700F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5234
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6455#section-5.2
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://torch.ch
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://torch.ch/)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://underdestruction.com/2004/02/25/stackblur-2004.
Source: wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlp(
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htmj
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: wcz289366876a.exe, 00000003.00000003.2345288275.000002115708A000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421821788.000002115708A000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: wcz289366876a.exe, 00000003.00000002.3421193749.00000211567E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/7(
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.dai.ed.ac.uk/CVonline/LOCAL_COPIES/MANDUCHI1/Bilateral_Filtering.html
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: wcz289366876a.exe, 00000003.00000002.3420455313.0000021155FA0000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.gdal.org)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.gdal.org/formats_list.html)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.gdal.org/ogr_formats.html).
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/index.html
Source: wcz289366876a.exe, 00000003.00000003.2316049801.00000211564B8000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2316526265.000002115639E000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420455313.00000211560A9000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2316325695.000002115611B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.ipol.im/pub/algo/bcm_non_local_means_denoising
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.ipol.im/pub/algo/bcm_non_local_means_denoising/
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2004/em-rdf#
Source: wcz289366876a.exe, 00000003.00000002.3420455313.00000211560A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.scipy.org/not/real/data.txt
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.xyz.edu/data
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.zlib.net/D
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2345219213.0000021156571000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156559000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://arxiv.org/abs/1704.04503
Source: METADATA0.0.dr	String found in binary or memory: https://blog.jaraco.com/skeleton
Source: wcz289366876a.exe, 00000003.00000002.3421438604.0000021156B20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue44497.
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromedevtools.github.io/devtools-protocol/
Source: wcz289366876a.exe, 00000003.00000002.3423072268.0000021157AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromedriver.storage.googleapis.com
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromedriver.storage.googleapis.com/LATEST_RELEASE
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromedriver.storage.googleapis.com/LATEST_RELEASEnagerver
Source: wcz289366876a.exe, 00000003.00000002.3423072268.0000021157AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromedriver.storage.googleapis.comePY
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://coveralls.io/github/agronholm/typeguard?branch=master
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://coveralls.io/repos/agronholm/typeguard/badge.svg?branch=master&service=github
Source: wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://data-apis.org/array-api/latest/API_specification/generated/array_api.info.capabilities.html
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3426240564.000002115E360000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://data-apis.org/array-api/latest/API_specification/inspection.html
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://data-apis.org/array-api/latest/design_topics/data_interchange.html#syntax-for-data-interchan
Source: wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://digitalassets.lib.berkeley.edu/sdtr/ucb/text/34.pdf
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dmlc.github.io/dlpack/latest/python_spec.html
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211562C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: wcz289366876a.exe, 00000003.00000003.2307705625.0000021155BD3000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2307392308.0000021155BD3000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: wcz289366876a.exe, 00000003.00000002.3420279193.0000021155D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: wcz289366876a.exe, 00000003.00000002.3420279193.0000021155D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: METADATA0.0.dr	String found in binary or memory: https://docs.python.org/3/library/importlib.metadata.html
Source: wcz289366876a.exe, 00000003.00000002.3420455313.0000021155FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: METADATA0.0.dr	String found in binary or memory: https://docs.python.org/3/reference/import.html#finders-and-loaders
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/library/string.html#format-specification-mini-language
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.scipy.org/doc/numpy/user/basics.io.genfromtxt.html
Source: wcz289366876a.exe, 00000003.00000002.3423343907.0000021158260000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.scipy.org/doc/numpy/user/numpy-for-matlab-users.html).
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422096484.00000211571E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://doi.org/10.1109/IEEESTD.2008.4610935
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/NVIDIA/caffe.
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/SeleniumHQ/selenium/wiki/JsonWireProtocol
Source: wcz289366876a.exe, 00000003.00000003.2306641002.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://github.com/agronholm/typeguard
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://github.com/agronholm/typeguard/actions/workflows/test.yml
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://github.com/agronholm/typeguard/actions/workflows/test.yml/badge.svg
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://github.com/agronholm/typeguard/issues
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/arogozhnikov/einops
Source: METADATA0.0.dr	String found in binary or memory: https://github.com/astral-sh/ruff
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/asweigart/pygetwindow
Source: wcz289366876a.exe, 00000003.00000002.3426458058.000002115E590000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/asweigart/pyperclip/issues/55
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joblib/threadpoolctl
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/16739
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assign
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/20833
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/20833.
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/20833DNN/OpenCL:
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/21326
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/21326cv::initOpenEXRD:
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/23152
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/23152.
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/23152setExceptionMode(enable)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/5412.
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/6293
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/6293u-
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/openvinotoolkit/open_model_zoo/blob/master/models/public/yolo-v2-tiny-tf/yolo-v2-
Source: wcz289366876a.exe, 00000003.00000002.3421438604.0000021156B20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/platformdirs/platformdirs
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/pull/6710
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pydata/bottleneck
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packaging
Source: wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: wcz289366876a.exe, 00000003.00000002.3421116995.00000211566C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
Source: wcz289366876a.exe, 00000003.00000002.3421438604.0000021156B20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/wheel
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/wheel/issues
Source: wcz289366876a.exe, 00000003.00000002.3423072268.0000021157AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python-pillow/Pillow/
Source: wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.7/Objects/listsort.txt
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: wcz289366876a.exe, 00000003.00000003.2306641002.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: wcz289366876a.exe, 00000003.00000003.2309674034.0000021156118000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: METADATA0.0.dr	String found in binary or memory: https://github.com/python/importlib_metadata
Source: METADATA0.0.dr	String found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
Source: METADATA0.0.dr	String found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
Source: METADATA0.0.dr	String found in binary or memory: https://github.com/python/importlib_metadata/issues
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: wcz289366876a.exe, 00000003.00000003.2306641002.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/torch/nn/blob/master/doc/module.md
Source: wcz289366876a.exe, 00000003.00000002.3422096484.00000211571E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/torvalds/linux/commit/7cf91a98e607c2f935dbcc177d70011e95b8faff
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2345219213.0000021156571000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B86000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2345219213.0000021156571000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211562C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://googlechromelabs.github.io/chrome-for-testing/known-good-versions-with-downloads.json
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://googlechromelabs.github.io/chrome-for-testing/latest-patch-versions-per-build.json
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420455313.00000211560A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: wcz289366876a.exe, 00000003.00000002.3420455313.0000021155FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: METADATA0.0.dr	String found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
Source: METADATA0.0.dr	String found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
Source: METADATA0.0.dr	String found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
Source: METADATA0.0.dr	String found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
Source: METADATA0.0.dr	String found in binary or memory: https://importlib-metadata.readthedocs.io/
Source: METADATA0.0.dr	String found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
Source: wcz289366876a.exe, 00000003.00000002.3421193749.00000211567E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipython.org
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2315649530.00000211563FE000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2316104775.00000211563FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mathworld.wolfram.com/SincFunction.html
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://metacpan.org/pod/distribution/Math-Cephes/lib/Math/Cephes.pod#i0:-Modified-Bessel-function-o
Source: wcz289366876a.exe, 00000003.00000002.3426686949.000002115E690000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mouseinfo.readthedocs.io
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://netron.app)
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://numpy.org
Source: wcz289366876a.exe, 00000003.00000002.3422096484.00000211571E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://numpy.org/devdocs/building/index.html
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422096484.0000021157156000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.00000211572A8000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3423072268.0000021157AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://numpy.org/devdocs/release/1.20.0-notes.html#deprecations
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://numpy.org/devdocs/release/1.20.0-notes.html#deprecationsod
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://numpy.org/devdocs/user/troubleshooting-importerror.html#c-api-incompatibility
Source: wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://numpy.org/doc/stable/glossary.html#term-contiguous
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://numpy.org/neps/nep-0013-ufunc-overrides.html
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://onnx.ai/
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://onnx.ai/)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://onnxruntime.ai/docs/execution-providers/CoreML-ExecutionProvider.html#coreml_flag_enable_on_
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://onnxruntime.ai/docs/execution-providers/CoreML-ExecutionProvider.html#coreml_flag_only_enabl
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://onnxruntime.ai/docs/execution-providers/CoreML-ExecutionProvider.html#coreml_flag_use_cpu_on
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://optimized-einsum.readthedocs.io/en/stable/
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
Source: wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
Source: wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/All
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the
Source: wcz289366876a.exe, 00000003.00000002.3421438604.0000021156B20000.00000004.00001000.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pc-web.haimawan.com/
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pc-web.haimawan.com/z
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://people.eecs.berkeley.edu/~wkahan/ieee754status/IEEE754.PDF
Source: wcz289366876a.exe, 00000003.00000002.3420630220.00000211561C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0205/
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0685/
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_379.htm
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://pjreddie.com/darknet/
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://pjreddie.com/darknet/)
Source: wcz289366876a.exe, 00000003.00000002.3426458058.000002115E638000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
Source: wcz289366876a.exe, 00000003.00000002.3421438604.0000021156B20000.00000004.00001000.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/build/).
Source: METADATA0.0.dr	String found in binary or memory: https://pypi.org/project/importlib_metadata
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/setuptools/
Source: wcz289366876a.exe, 00000003.00000002.3421006005.000002115665E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/threadpoolctl/
Source: METADATA0.0.dr	String found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://readthedocs.org/projects/typeguard/badge/?version=latest
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/
Source: wcz289366876a.exe, 00000003.00000003.2312541043.0000021156324000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
Source: wcz289366876a.exe, 00000003.00000003.2313590543.000002115632A000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2312737915.0000021156064000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2312711851.000002115618C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.00000211562C0000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2312541043.0000021156324000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: wcz289366876a.exe, 00000003.00000002.3421193749.00000211567E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: wcz289366876a.exe, 00000003.00000003.2312541043.00000211562E4000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2312541043.0000021156324000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;
Source: wcz289366876a.exe, 00000003.00000003.2312541043.00000211562E4000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2312541043.0000021156324000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;r
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://software.intel.com/openvino-toolkit)
Source: wcz289366876a.exe, 00000003.00000002.3426240564.000002115E360000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/18905702/python-ctypes-and-mutable-buffers
Source: wcz289366876a.exe, 00000003.00000002.3426240564.000002115E360000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/455434/how-should-i-use-formatmessage-properly-in-c
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://static.aminer.org/pdf/PDF/000/317/196/spatio_temporal_wiener_filtering_of_image_sequences_us
Source: tk.tcl.0.dr	String found in binary or memory: https://support.apple.com/en-us/HT201236
Source: METADATA0.0.dr	String found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: METADATA0.0.dr	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: wcz289366876a.exe, 00000003.00000002.3420455313.0000021155FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B86000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: METADATA14.0.dr	String found in binary or memory: https://typeguard.readthedocs.io/en/latest/
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://typeguard.readthedocs.io/en/latest/?badge=latest
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://typeguard.readthedocs.io/en/latest/versionhistory.html
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webauthn/#credential-parameters.
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webdriver/
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webdriver/#dfn-table-of-page-load-strategies.
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webdriver/#dfn-table-of-page-load-strategies:
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webdriver/#timeouts.
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webdriver/#timeouts:
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wcz289366876.cloud-ip.biz/admin-api/ore/auth/updateAuth?auth=
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wheel.readthedocs.io/
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
Source: wcz289366876a.exe, 00000003.00000003.2316104775.00000211563BE000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2316526265.00000211563AD000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2315585576.0000021156417000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2315649530.00000211563AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ams.org/journals/mcom/1988-51-184/
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.learnopencv.com/convex-hull-using-opencv-in-python-and-c/
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.learnopencv.com/convex-hull-using-opencv-in-python-and-c/filterLabelresultRoimaxClockFre
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mathworks.com/help/techdoc/ref/rank.html
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.openblas.net/
Source: wcz289366876a.exe, 00000003.00000002.3420455313.0000021155FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2315649530.00000211563FE000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2316104775.00000211563FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/dev/peps/pep-0427/
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://www.python.org/dev/peps/pep-0484/
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.selenium.dev/documentation/legacy/desired_capabilities/
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.selenium.dev/documentation/legacy/json_wire_protocol/.
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.selenium.dev/documentation/webdriver/drivers/options/#pageloadstrategy.
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.selenium.dev/documentation/webdriver/troubleshooting/errors
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.tensorflow.org/
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.tensorflow.org/)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.tensorflow.org/lite
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/K0
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2345219213.0000021156571000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/

Detected potential crypto function

Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A25C00	0_2_00007FF7E2A25C00
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A089E0	0_2_00007FF7E2A089E0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A26964	0_2_00007FF7E2A26964
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A01000	0_2_00007FF7E2A01000
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A23C10	0_2_00007FF7E2A23C10
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A12C10	0_2_00007FF7E2A12C10
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A11B50	0_2_00007FF7E2A11B50
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A0ACAD	0_2_00007FF7E2A0ACAD
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A26418	0_2_00007FF7E2A26418
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A208C8	0_2_00007FF7E2A208C8
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A0A47B	0_2_00007FF7E2A0A47B
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A139A4	0_2_00007FF7E2A139A4
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A11944	0_2_00007FF7E2A11944
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A12164	0_2_00007FF7E2A12164
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A0A2DB	0_2_00007FF7E2A0A2DB
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A1DA5C	0_2_00007FF7E2A1DA5C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A09800	0_2_00007FF7E2A09800
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A11740	0_2_00007FF7E2A11740
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A29728	0_2_00007FF7E2A29728
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A18794	0_2_00007FF7E2A18794
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A11F60	0_2_00007FF7E2A11F60
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A208C8	0_2_00007FF7E2A208C8
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A240AC	0_2_00007FF7E2A240AC
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A180E4	0_2_00007FF7E2A180E4
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A21874	0_2_00007FF7E2A21874
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A135A0	0_2_00007FF7E2A135A0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A11D54	0_2_00007FF7E2A11D54
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A15D30	0_2_00007FF7E2A15D30
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A1E570	0_2_00007FF7E2A1E570
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A19EA0	0_2_00007FF7E2A19EA0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A1DEF0	0_2_00007FF7E2A1DEF0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A25E7C	0_2_00007FF7E2A25E7C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A26964	3_2_00007FF7E2A26964
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A01000	3_2_00007FF7E2A01000
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A23C10	3_2_00007FF7E2A23C10
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A12C10	3_2_00007FF7E2A12C10
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A25C00	3_2_00007FF7E2A25C00
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A11B50	3_2_00007FF7E2A11B50
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A0ACAD	3_2_00007FF7E2A0ACAD
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A26418	3_2_00007FF7E2A26418
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A208C8	3_2_00007FF7E2A208C8
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A0A47B	3_2_00007FF7E2A0A47B
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A139A4	3_2_00007FF7E2A139A4
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A089E0	3_2_00007FF7E2A089E0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A11944	3_2_00007FF7E2A11944
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A12164	3_2_00007FF7E2A12164
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A0A2DB	3_2_00007FF7E2A0A2DB
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A1DA5C	3_2_00007FF7E2A1DA5C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A09800	3_2_00007FF7E2A09800
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A11740	3_2_00007FF7E2A11740
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A29728	3_2_00007FF7E2A29728
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A18794	3_2_00007FF7E2A18794
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A11F60	3_2_00007FF7E2A11F60
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A208C8	3_2_00007FF7E2A208C8
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A240AC	3_2_00007FF7E2A240AC
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A180E4	3_2_00007FF7E2A180E4
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A21874	3_2_00007FF7E2A21874
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A135A0	3_2_00007FF7E2A135A0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A11D54	3_2_00007FF7E2A11D54
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A15D30	3_2_00007FF7E2A15D30
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A1E570	3_2_00007FF7E2A1E570
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A19EA0	3_2_00007FF7E2A19EA0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A1DEF0	3_2_00007FF7E2A1DEF0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A25E7C	3_2_00007FF7E2A25E7C

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: String function: 00007FF7E2A02710 appears 104 times
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: String function: 00007FF7E2A02910 appears 34 times

Sample file is different than original file name gathered from version info

Source: wcz289366876a.exe, 00000000.00000003.2157023110.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_multiprocessing.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2157261471.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_asyncio.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_elementtree.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamezlib1.dll* vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_overlapped.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000003.00000002.3420357783.0000021155E70000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamepython3.dll. vs wcz289366876a.exe

Source: classification engine

Classification label: sus28.troj.winEXE@6/1025@0/1

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1492:120:WilError_03

Source: C:\Users\user\Desktop\wcz289366876a.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI62282

Jump to behavior

Source: wcz289366876a.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\wcz289366876a.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor

Source: C:\Users\user\Desktop\wcz289366876a.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\wcz289366876a.exe

File read: C:\Users\user\Desktop\wcz289366876a.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\wcz289366876a.exe "C:\Users\user\Desktop\wcz289366876a.exe"
Source: C:\Users\user\Desktop\wcz289366876a.exe	Process created: C:\Users\user\Desktop\wcz289366876a.exe "C:\Users\user\Desktop\wcz289366876a.exe"
Source: C:\Users\user\Desktop\wcz289366876a.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\wcz289366876a.exe	Process created: C:\Users\user\Desktop\wcz289366876a.exe "C:\Users\user\Desktop\wcz289366876a.exe"	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior

Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: libffi-8.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: libcrypto-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: libssl-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: tcl86t.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: tk86t.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: zlib1.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: libscipy_openblas64_-c16e4918366c6bc1f1cd71e28ca36fc0.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: msvcp140-d64049c6e3865410a7dda6a7e9f0c575.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: mf.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: mfreadwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: mfcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: umpdc.dll	Jump to behavior

Source: C:\Users\user\Desktop\wcz289366876a.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

Jump to behavior

Source: wcz289366876a.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: wcz289366876a.exe

Static file information: File size 83071922 > 1048576

Source: wcz289366876a.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: wcz289366876a.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: wcz289366876a.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: wcz289366876a.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: wcz289366876a.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: wcz289366876a.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: wcz289366876a.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: wcz289366876a.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: d~/.pdbrcoperty source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_elementtree.pdb source: wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d.pdbrc source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ~/.pdbrc source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wcz289366876a.exe, 00000000.00000003.2157023110.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: placed in the .pdbrc file): source: wcz289366876a.exe, 00000003.00000002.3422683787.000002115768A000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422683787.000002115761F000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.0000021157595000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: wcz289366876a.exe, 00000000.00000003.2157023110.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pdb.Pdb source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: -c are executed after commands from .pdbrc files. source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: If a file ".pdbrc" exists in your home directory or in the current source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.0000021157595000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.00000211575BB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wcz289366876a.exe, 00000000.00000003.2157261471.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpdb.Pdb source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Initial commands are read from .pdbrc files in your home directory source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422683787.000002115761F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbrc source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\opencv-python\opencv-python\_skbuild\win-amd64-3.9\cmake-build\lib\python3\Release\cv2.pdb source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD90B6A000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: wcz289366876a.exe, 00000003.00000002.3420357783.0000021155E70000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: The standard debugger class (pdb.Pdb) is an example. source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: wcz289366876a.exe, 00000000.00000003.2157261471.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp

Source: wcz289366876a.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: wcz289366876a.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: wcz289366876a.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: wcz289366876a.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: wcz289366876a.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Drops PE files

Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingtk.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\tcl86t.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\linalg\_umath_linalg.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_common.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_webp.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\selenium\webdriver\common\windows\selenium-manager.exe	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\libssl-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingmath.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\charset_normalizer\md__mypyc.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\src\chromedriver.exe	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\libcrypto-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\tk86t.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy.libs\msvcp140-d64049c6e3865410a7dda6a7e9f0c575.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_generator.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_pcg64.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\_core\_multiarray_tests.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_sfc64.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\bit_generator.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingcms.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\libffi-8.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\_core\_multiarray_umath.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\cv2\opencv_videoio_ffmpeg4100_64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingft.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\charset_normalizer\md.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_bounded_integers.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_elementtree.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\fft\_pocketfft_umath.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\mtrand.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\zlib1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy.libs\libscipy_openblas64_-c16e4918366c6bc1f1cd71e28ca36fc0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_mt19937.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imaging.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_tkinter.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\cv2\cv2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\python312.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_philox.cp312-win_amd64.pyd	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 48080

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\wcz289366876a.exe

Code function: 0_2_00007FF7E2A05830 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,

0_2_00007FF7E2A05830

Source: C:\Users\user\Desktop\wcz289366876a.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingcms.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\_core\_multiarray_umath.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingtk.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\linalg\_umath_linalg.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\cv2\opencv_videoio_ffmpeg4100_64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_common.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_webp.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingft.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\selenium\webdriver\common\windows\selenium-manager.exe	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\charset_normalizer\md.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\charset_normalizer\md__mypyc.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingmath.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\src\chromedriver.exe	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_bounded_integers.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_elementtree.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\fft\_pocketfft_umath.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\mtrand.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_generator.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_pcg64.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\_core\_multiarray_tests.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_mt19937.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_sfc64.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imaging.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_tkinter.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\cv2\cv2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\bit_generator.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\python312.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_philox.cp312-win_amd64.pyd	Jump to dropped file

Found evasive API chain checking for process token information

Source: C:\Users\user\Desktop\wcz289366876a.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\wcz289366876a.exe

API coverage: 4.9 %

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\Desktop\wcz289366876a.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A09280 FindFirstFileExW,FindClose,	0_2_00007FF7E2A09280
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF7E2A083C0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF7E2A21874
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A09280 FindFirstFileExW,FindClose,	3_2_00007FF7E2A09280
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	3_2_00007FF7E2A083C0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	3_2_00007FF7E2A21874

Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI62282\	Jump to behavior

Source: wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: hgfsetSaturationWeight

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\wcz289366876a.exe

Code function: 0_2_00007FF7E2A0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF7E2A0D12C

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\wcz289366876a.exe

Code function: 0_2_00007FF7E2A23480 GetProcessHeap,

0_2_00007FF7E2A23480

Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF7E2A0D12C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A0D30C SetUnhandledExceptionFilter,	0_2_00007FF7E2A0D30C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A0C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF7E2A0C8A0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A1A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF7E2A1A614
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FF7E2A0D12C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A0D30C SetUnhandledExceptionFilter,	3_2_00007FF7E2A0D30C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A0C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00007FF7E2A0C8A0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A1A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FF7E2A1A614

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\wcz289366876a.exe	Process created: C:\Users\user\Desktop\wcz289366876a.exe "C:\Users\user\Desktop\wcz289366876a.exe"			Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"			Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\wcz289366876a.exe

Code function: 0_2_00007FF7E2A29570 cpuid

0_2_00007FF7E2A29570

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\http1.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\opt0.4 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America\Argentina VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America\Argentina VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America\Argentina VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\wcz289366876a.exe

Code function: 0_2_00007FF7E2A0D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF7E2A0D010

Source: C:\Users\user\Desktop\wcz289366876a.exe

Code function: 0_2_00007FF7E2A25C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF7E2A25C00

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
20.2.164.27	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://20.2.164.27:48080/admin-api/ore/config/getConf	false	Avira URL Cloud: safe	unknown

Source: wcz289366876a.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: d~/.pdbrcoperty source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_elementtree.pdb source: wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d.pdbrc source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ~/.pdbrc source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wcz289366876a.exe, 00000000.00000003.2157023110.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: placed in the .pdbrc file): source: wcz289366876a.exe, 00000003.00000002.3422683787.000002115768A000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422683787.000002115761F000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.0000021157595000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: wcz289366876a.exe, 00000000.00000003.2157023110.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pdb.Pdb source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: -c are executed after commands from .pdbrc files. source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: If a file ".pdbrc" exists in your home directory or in the current source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.0000021157595000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.00000211575BB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wcz289366876a.exe, 00000000.00000003.2157261471.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpdb.Pdb source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Initial commands are read from .pdbrc files in your home directory source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422683787.000002115761F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbrc source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\opencv-python\opencv-python\_skbuild\win-amd64-3.9\cmake-build\lib\python3\Release\cv2.pdb source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD90B6A000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: wcz289366876a.exe, 00000003.00000002.3420357783.0000021155E70000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: The standard debugger class (pdb.Pdb) is an example. source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: wcz289366876a.exe, 00000000.00000003.2157261471.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A09280 FindFirstFileExW,FindClose,	0_2_00007FF7E2A09280
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF7E2A083C0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF7E2A21874
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A09280 FindFirstFileExW,FindClose,	3_2_00007FF7E2A09280
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	3_2_00007FF7E2A083C0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	3_2_00007FF7E2A21874

Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI62282\	Jump to behavior

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 48080

Detected TCP or UDP traffic on non-standard ports

Source: global traffic

TCP traffic: 192.168.2.6:49739 -> 20.2.164.27:48080

Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.2.164.27

Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /admin-api/ore/config/getConf HTTP/1.1Host: 20.2.164.27:48080User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflateAccept: /Connection: keep-alive

Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:4444
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:4444/wd/hub
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420455313.00000211560A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://198.0.0.1:4444/wd/hub
Source: wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://20.2.164.27:48080/admin-api/ore/auth/getAuth
Source: wcz289366876a.exe, 00000003.00000002.3426686949.000002115E690000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://20.2.164.27:48080/admin-api/ore/config/getConf
Source: wcz289366876a.exe, 00000003.00000002.3426686949.000002115E690000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://20.2.164.27:48080/admin-api/ore/config/getConf0-j
Source: wcz289366876a.exe, 00000003.00000002.3426686949.000002115E690000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://20.2.164.27:48080/admin-api/ore/config/getConfp
Source: wcz289366876a.exe, 00000003.00000002.3426686949.000002115E690000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://20.2.164.27:48080/admin-api/ore/config/getConfpRq
Source: wcz289366876a.exe, 00000003.00000002.3420279193.0000021155D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://43.199.41.35:8080/wcz289366876a.exe
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://43.199.41.35:8080/windows.zip
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.co
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://caffe.berkeleyvision.org
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://caffe.berkeleyvision.org/)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://campar.in.tum.de/Chair/HandEyeCalibration).
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2316325695.00000211560B7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420455313.00000211560A9000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.00000211564E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: wcz289366876a.exe, 00000003.00000003.2316104775.00000211563BE000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420455313.0000021155FA0000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2315585576.0000021156417000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2315649530.00000211563AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlV
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlCFZ
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeS
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: wcz289366876a.exe, 00000003.00000003.2318288450.0000021156559000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/unittest.html
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar.tar.gz
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar.tgz
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2345099835.0000021156525000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: wcz289366876a.exe, 00000003.00000002.3420455313.00000211560A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/f
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://homepages.inf.ed.ac.uk/rbf/HIPR2/hough.htm
Source: wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es38
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: wcz289366876a.exe, 00000003.00000002.3421193749.00000211567E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422683787.000002115761F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tip.tcl.tk/48)
Source: wcz289366876a.exe, 00000003.00000003.2345288275.000002115702B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421821788.000002115700F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5234
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6455#section-5.2
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://torch.ch
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://torch.ch/)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://underdestruction.com/2004/02/25/stackblur-2004.
Source: wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlp(
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htmj
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: wcz289366876a.exe, 00000003.00000003.2345288275.000002115708A000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421821788.000002115708A000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: wcz289366876a.exe, 00000003.00000002.3421193749.00000211567E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/7(
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.dai.ed.ac.uk/CVonline/LOCAL_COPIES/MANDUCHI1/Bilateral_Filtering.html
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1837000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: wcz289366876a.exe, 00000003.00000002.3420455313.0000021155FA0000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.gdal.org)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.gdal.org/formats_list.html)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.gdal.org/ogr_formats.html).
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/index.html
Source: wcz289366876a.exe, 00000003.00000003.2316049801.00000211564B8000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2316526265.000002115639E000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420455313.00000211560A9000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2316325695.000002115611B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.ipol.im/pub/algo/bcm_non_local_means_denoising
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: http://www.ipol.im/pub/algo/bcm_non_local_means_denoising/
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2004/em-rdf#
Source: wcz289366876a.exe, 00000003.00000002.3420455313.00000211560A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.scipy.org/not/real/data.txt
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.xyz.edu/data
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.zlib.net/D
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2345219213.0000021156571000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156559000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://arxiv.org/abs/1704.04503
Source: METADATA0.0.dr	String found in binary or memory: https://blog.jaraco.com/skeleton
Source: wcz289366876a.exe, 00000003.00000002.3421438604.0000021156B20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue44497.
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromedevtools.github.io/devtools-protocol/
Source: wcz289366876a.exe, 00000003.00000002.3423072268.0000021157AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromedriver.storage.googleapis.com
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromedriver.storage.googleapis.com/LATEST_RELEASE
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromedriver.storage.googleapis.com/LATEST_RELEASEnagerver
Source: wcz289366876a.exe, 00000003.00000002.3423072268.0000021157AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromedriver.storage.googleapis.comePY
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://coveralls.io/github/agronholm/typeguard?branch=master
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://coveralls.io/repos/agronholm/typeguard/badge.svg?branch=master&service=github
Source: wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://data-apis.org/array-api/latest/API_specification/generated/array_api.info.capabilities.html
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3426240564.000002115E360000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://data-apis.org/array-api/latest/API_specification/inspection.html
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://data-apis.org/array-api/latest/design_topics/data_interchange.html#syntax-for-data-interchan
Source: wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://digitalassets.lib.berkeley.edu/sdtr/ucb/text/34.pdf
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dmlc.github.io/dlpack/latest/python_spec.html
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211562C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: wcz289366876a.exe, 00000003.00000003.2307705625.0000021155BD3000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2307392308.0000021155BD3000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: wcz289366876a.exe, 00000003.00000002.3420279193.0000021155D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: wcz289366876a.exe, 00000003.00000002.3420279193.0000021155D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: METADATA0.0.dr	String found in binary or memory: https://docs.python.org/3/library/importlib.metadata.html
Source: wcz289366876a.exe, 00000003.00000002.3420455313.0000021155FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: METADATA0.0.dr	String found in binary or memory: https://docs.python.org/3/reference/import.html#finders-and-loaders
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/library/string.html#format-specification-mini-language
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.scipy.org/doc/numpy/user/basics.io.genfromtxt.html
Source: wcz289366876a.exe, 00000003.00000002.3423343907.0000021158260000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.scipy.org/doc/numpy/user/numpy-for-matlab-users.html).
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422096484.00000211571E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://doi.org/10.1109/IEEESTD.2008.4610935
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/NVIDIA/caffe.
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/SeleniumHQ/selenium/wiki/JsonWireProtocol
Source: wcz289366876a.exe, 00000003.00000003.2306641002.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://github.com/agronholm/typeguard
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://github.com/agronholm/typeguard/actions/workflows/test.yml
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://github.com/agronholm/typeguard/actions/workflows/test.yml/badge.svg
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://github.com/agronholm/typeguard/issues
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/arogozhnikov/einops
Source: METADATA0.0.dr	String found in binary or memory: https://github.com/astral-sh/ruff
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/asweigart/pygetwindow
Source: wcz289366876a.exe, 00000003.00000002.3426458058.000002115E590000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/asweigart/pyperclip/issues/55
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joblib/threadpoolctl
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/16739
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/16739cv::MatOp_AddEx::assign
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/20833
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/20833.
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/20833DNN/OpenCL:
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/21326
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/21326cv::initOpenEXRD:
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/23152
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/23152.
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/23152setExceptionMode(enable)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/5412.
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/6293
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/opencv/opencv/issues/6293u-
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/openvinotoolkit/open_model_zoo/blob/master/models/public/yolo-v2-tiny-tf/yolo-v2-
Source: wcz289366876a.exe, 00000003.00000002.3421438604.0000021156B20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/platformdirs/platformdirs
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/pull/6710
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pydata/bottleneck
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packaging
Source: wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: wcz289366876a.exe, 00000003.00000002.3421116995.00000211566C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
Source: wcz289366876a.exe, 00000003.00000002.3421438604.0000021156B20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/wheel
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/wheel/issues
Source: wcz289366876a.exe, 00000003.00000002.3423072268.0000021157AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python-pillow/Pillow/
Source: wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.7/Objects/listsort.txt
Source: wcz289366876a.exe, 00000003.00000002.3419907444.0000021155A10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: wcz289366876a.exe, 00000003.00000003.2306641002.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: wcz289366876a.exe, 00000003.00000003.2309674034.0000021156118000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B86000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: METADATA0.0.dr	String found in binary or memory: https://github.com/python/importlib_metadata
Source: METADATA0.0.dr	String found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
Source: METADATA0.0.dr	String found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
Source: METADATA0.0.dr	String found in binary or memory: https://github.com/python/importlib_metadata/issues
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: wcz289366876a.exe, 00000003.00000003.2306641002.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B3C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3419648043.00000211540B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://github.com/torch/nn/blob/master/doc/module.md
Source: wcz289366876a.exe, 00000003.00000002.3422096484.00000211571E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/torvalds/linux/commit/7cf91a98e607c2f935dbcc177d70011e95b8faff
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2345219213.0000021156571000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B86000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2345219213.0000021156571000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211562C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://googlechromelabs.github.io/chrome-for-testing/known-good-versions-with-downloads.json
Source: wcz289366876a.exe, 00000003.00000002.3422995782.00000211579D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://googlechromelabs.github.io/chrome-for-testing/latest-patch-versions-per-build.json
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420455313.00000211560A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: wcz289366876a.exe, 00000003.00000002.3420455313.0000021155FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: METADATA0.0.dr	String found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
Source: METADATA0.0.dr	String found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
Source: METADATA0.0.dr	String found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
Source: METADATA0.0.dr	String found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
Source: METADATA0.0.dr	String found in binary or memory: https://importlib-metadata.readthedocs.io/
Source: METADATA0.0.dr	String found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
Source: wcz289366876a.exe, 00000003.00000002.3421193749.00000211567E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipython.org
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2315649530.00000211563FE000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2316104775.00000211563FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mathworld.wolfram.com/SincFunction.html
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://metacpan.org/pod/distribution/Math-Cephes/lib/Math/Cephes.pod#i0:-Modified-Bessel-function-o
Source: wcz289366876a.exe, 00000003.00000002.3426686949.000002115E690000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mouseinfo.readthedocs.io
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://netron.app)
Source: wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://numpy.org
Source: wcz289366876a.exe, 00000003.00000002.3422096484.00000211571E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://numpy.org/devdocs/building/index.html
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422096484.0000021157156000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.00000211572A8000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3423072268.0000021157AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://numpy.org/devdocs/release/1.20.0-notes.html#deprecations
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://numpy.org/devdocs/release/1.20.0-notes.html#deprecationsod
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://numpy.org/devdocs/user/troubleshooting-importerror.html#c-api-incompatibility
Source: wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://numpy.org/doc/stable/glossary.html#term-contiguous
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://numpy.org/neps/nep-0013-ufunc-overrides.html
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://onnx.ai/
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://onnx.ai/)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://onnxruntime.ai/docs/execution-providers/CoreML-ExecutionProvider.html#coreml_flag_enable_on_
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://onnxruntime.ai/docs/execution-providers/CoreML-ExecutionProvider.html#coreml_flag_only_enabl
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://onnxruntime.ai/docs/execution-providers/CoreML-ExecutionProvider.html#coreml_flag_use_cpu_on
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://optimized-einsum.readthedocs.io/en/stable/
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
Source: wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
Source: wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/All
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the
Source: wcz289366876a.exe, 00000003.00000002.3421438604.0000021156B20000.00000004.00001000.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pc-web.haimawan.com/
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pc-web.haimawan.com/z
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://people.eecs.berkeley.edu/~wkahan/ieee754status/IEEE754.PDF
Source: wcz289366876a.exe, 00000003.00000002.3420630220.00000211561C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0205/
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0685/
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://personal.math.ubc.ca/~cbm/aands/page_379.htm
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://pjreddie.com/darknet/
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://pjreddie.com/darknet/)
Source: wcz289366876a.exe, 00000003.00000002.3426458058.000002115E638000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
Source: wcz289366876a.exe, 00000003.00000002.3421438604.0000021156B20000.00000004.00001000.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/build/).
Source: METADATA0.0.dr	String found in binary or memory: https://pypi.org/project/importlib_metadata
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/setuptools/
Source: wcz289366876a.exe, 00000003.00000002.3421006005.000002115665E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/threadpoolctl/
Source: METADATA0.0.dr	String found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://readthedocs.org/projects/typeguard/badge/?version=latest
Source: wcz289366876a.exe, 00000003.00000002.3421273979.00000211568F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: wcz289366876a.exe, 00000003.00000002.3421522369.0000021156C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/
Source: wcz289366876a.exe, 00000003.00000003.2312541043.0000021156324000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
Source: wcz289366876a.exe, 00000003.00000003.2313590543.000002115632A000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2312737915.0000021156064000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2312711851.000002115618C000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.00000211562C0000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2312541043.0000021156324000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: wcz289366876a.exe, 00000003.00000002.3421193749.00000211567E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: wcz289366876a.exe, 00000003.00000003.2312541043.00000211562E4000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2312541043.0000021156324000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;
Source: wcz289366876a.exe, 00000003.00000003.2312541043.00000211562E4000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2312541043.0000021156324000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;r
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://software.intel.com/openvino-toolkit)
Source: wcz289366876a.exe, 00000003.00000002.3426240564.000002115E360000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/18905702/python-ctypes-and-mutable-buffers
Source: wcz289366876a.exe, 00000003.00000002.3426240564.000002115E360000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/455434/how-should-i-use-formatmessage-properly-in-c
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://static.aminer.org/pdf/PDF/000/317/196/spatio_temporal_wiener_filtering_of_image_sequences_us
Source: tk.tcl.0.dr	String found in binary or memory: https://support.apple.com/en-us/HT201236
Source: METADATA0.0.dr	String found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: METADATA0.0.dr	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: wcz289366876a.exe, 00000003.00000002.3420455313.0000021155FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B86000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: METADATA14.0.dr	String found in binary or memory: https://typeguard.readthedocs.io/en/latest/
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://typeguard.readthedocs.io/en/latest/?badge=latest
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://typeguard.readthedocs.io/en/latest/versionhistory.html
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webauthn/#credential-parameters.
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webdriver/
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webdriver/#dfn-table-of-page-load-strategies.
Source: wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webdriver/#dfn-table-of-page-load-strategies:
Source: wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webdriver/#timeouts.
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webdriver/#timeouts:
Source: wcz289366876a.exe, 00000003.00000002.3421603467.0000021156D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wcz289366876.cloud-ip.biz/admin-api/ore/auth/updateAuth?auth=
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wheel.readthedocs.io/
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
Source: wcz289366876a.exe, 00000003.00000003.2316104775.00000211563BE000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2316526265.00000211563AD000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2315585576.0000021156417000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2315649530.00000211563AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ams.org/journals/mcom/1988-51-184/
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.learnopencv.com/convex-hull-using-opencv-in-python-and-c/
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.learnopencv.com/convex-hull-using-opencv-in-python-and-c/filterLabelresultRoimaxClockFre
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mathworks.com/help/techdoc/ref/rank.html
Source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.openblas.net/
Source: wcz289366876a.exe, 00000003.00000002.3420455313.0000021155FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2315649530.00000211563FE000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2316104775.00000211563FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/dev/peps/pep-0427/
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1813000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr	String found in binary or memory: https://www.python.org/dev/peps/pep-0484/
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.selenium.dev/documentation/legacy/desired_capabilities/
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421006005.0000021156675000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.selenium.dev/documentation/legacy/json_wire_protocol/.
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3421682152.0000021156E30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.selenium.dev/documentation/webdriver/drivers/options/#pageloadstrategy.
Source: wcz289366876a.exe, 00000003.00000002.3422876819.0000021157760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.selenium.dev/documentation/webdriver/troubleshooting/errors
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.tensorflow.org/
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.tensorflow.org/)
Source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD9036C000.00000002.00000001.01000000.00000023.sdmp	String found in binary or memory: https://www.tensorflow.org/lite
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: wcz289366876a.exe, 00000003.00000002.3421006005.00000211565D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: wcz289366876a.exe, 00000003.00000002.3421760728.0000021156F60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/K0
Source: wcz289366876a.exe, 00000003.00000002.3420708862.000002115637B000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.00000211564CC000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2345219213.0000021156571000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000003.2318288450.0000021156571000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/

Detected potential crypto function

Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A25C00	0_2_00007FF7E2A25C00
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A089E0	0_2_00007FF7E2A089E0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A26964	0_2_00007FF7E2A26964
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A01000	0_2_00007FF7E2A01000
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A23C10	0_2_00007FF7E2A23C10
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A12C10	0_2_00007FF7E2A12C10
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A11B50	0_2_00007FF7E2A11B50
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A0ACAD	0_2_00007FF7E2A0ACAD
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A26418	0_2_00007FF7E2A26418
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A208C8	0_2_00007FF7E2A208C8
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A0A47B	0_2_00007FF7E2A0A47B
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A139A4	0_2_00007FF7E2A139A4
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A11944	0_2_00007FF7E2A11944
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A12164	0_2_00007FF7E2A12164
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A0A2DB	0_2_00007FF7E2A0A2DB
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A1DA5C	0_2_00007FF7E2A1DA5C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A09800	0_2_00007FF7E2A09800
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A11740	0_2_00007FF7E2A11740
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A29728	0_2_00007FF7E2A29728
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A18794	0_2_00007FF7E2A18794
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A11F60	0_2_00007FF7E2A11F60
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A208C8	0_2_00007FF7E2A208C8
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A240AC	0_2_00007FF7E2A240AC
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A180E4	0_2_00007FF7E2A180E4
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A21874	0_2_00007FF7E2A21874
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A135A0	0_2_00007FF7E2A135A0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A11D54	0_2_00007FF7E2A11D54
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A15D30	0_2_00007FF7E2A15D30
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A1E570	0_2_00007FF7E2A1E570
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A19EA0	0_2_00007FF7E2A19EA0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A1DEF0	0_2_00007FF7E2A1DEF0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A25E7C	0_2_00007FF7E2A25E7C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A26964	3_2_00007FF7E2A26964
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A01000	3_2_00007FF7E2A01000
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A23C10	3_2_00007FF7E2A23C10
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A12C10	3_2_00007FF7E2A12C10
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A25C00	3_2_00007FF7E2A25C00
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A11B50	3_2_00007FF7E2A11B50
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A0ACAD	3_2_00007FF7E2A0ACAD
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A26418	3_2_00007FF7E2A26418
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A208C8	3_2_00007FF7E2A208C8
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A0A47B	3_2_00007FF7E2A0A47B
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A139A4	3_2_00007FF7E2A139A4
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A089E0	3_2_00007FF7E2A089E0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A11944	3_2_00007FF7E2A11944
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A12164	3_2_00007FF7E2A12164
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A0A2DB	3_2_00007FF7E2A0A2DB
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A1DA5C	3_2_00007FF7E2A1DA5C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A09800	3_2_00007FF7E2A09800
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A11740	3_2_00007FF7E2A11740
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A29728	3_2_00007FF7E2A29728
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A18794	3_2_00007FF7E2A18794
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A11F60	3_2_00007FF7E2A11F60
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A208C8	3_2_00007FF7E2A208C8
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A240AC	3_2_00007FF7E2A240AC
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A180E4	3_2_00007FF7E2A180E4
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A21874	3_2_00007FF7E2A21874
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A135A0	3_2_00007FF7E2A135A0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A11D54	3_2_00007FF7E2A11D54
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A15D30	3_2_00007FF7E2A15D30
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A1E570	3_2_00007FF7E2A1E570
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A19EA0	3_2_00007FF7E2A19EA0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A1DEF0	3_2_00007FF7E2A1DEF0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A25E7C	3_2_00007FF7E2A25E7C

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: String function: 00007FF7E2A02710 appears 104 times
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: String function: 00007FF7E2A02910 appears 34 times

Sample file is different than original file name gathered from version info

Source: wcz289366876a.exe, 00000000.00000003.2157023110.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158967279.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_multiprocessing.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2157261471.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_asyncio.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_elementtree.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158111302.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000002.3419681960.000001F7A1846000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamezlib1.dll* vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_overlapped.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2157960492.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs wcz289366876a.exe
Source: wcz289366876a.exe, 00000003.00000002.3420357783.0000021155E70000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamepython3.dll. vs wcz289366876a.exe

Source: classification engine

Classification label: sus28.troj.winEXE@6/1025@0/1

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1492:120:WilError_03

Source: C:\Users\user\Desktop\wcz289366876a.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI62282

Jump to behavior

Source: wcz289366876a.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\wcz289366876a.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor

Source: C:\Users\user\Desktop\wcz289366876a.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\wcz289366876a.exe

File read: C:\Users\user\Desktop\wcz289366876a.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\wcz289366876a.exe "C:\Users\user\Desktop\wcz289366876a.exe"
Source: C:\Users\user\Desktop\wcz289366876a.exe	Process created: C:\Users\user\Desktop\wcz289366876a.exe "C:\Users\user\Desktop\wcz289366876a.exe"
Source: C:\Users\user\Desktop\wcz289366876a.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\wcz289366876a.exe	Process created: C:\Users\user\Desktop\wcz289366876a.exe "C:\Users\user\Desktop\wcz289366876a.exe"	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior

Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: libffi-8.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: libcrypto-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: libssl-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: tcl86t.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: tk86t.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: zlib1.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: libscipy_openblas64_-c16e4918366c6bc1f1cd71e28ca36fc0.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: msvcp140-d64049c6e3865410a7dda6a7e9f0c575.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: mf.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: mfreadwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: mfcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Section loaded: umpdc.dll	Jump to behavior

Source: C:\Users\user\Desktop\wcz289366876a.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32

Jump to behavior

Source: wcz289366876a.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: wcz289366876a.exe

Static file information: File size 83071922 > 1048576

Source: wcz289366876a.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: wcz289366876a.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: wcz289366876a.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: wcz289366876a.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: wcz289366876a.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: wcz289366876a.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: wcz289366876a.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: wcz289366876a.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: d~/.pdbrcoperty source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_elementtree.pdb source: wcz289366876a.exe, 00000000.00000003.2158282986.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d.pdbrc source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: wcz289366876a.exe, 00000000.00000003.2158709430.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ~/.pdbrc source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wcz289366876a.exe, 00000000.00000003.2157023110.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: placed in the .pdbrc file): source: wcz289366876a.exe, 00000003.00000002.3422683787.000002115768A000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422683787.000002115761F000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.0000021157595000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3420708862.0000021156467000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: wcz289366876a.exe, 00000000.00000003.2157023110.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pdb.Pdb source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: -c are executed after commands from .pdbrc files. source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: If a file ".pdbrc" exists in your home directory or in the current source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.0000021157595000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422323267.00000211575BB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: wcz289366876a.exe, 00000000.00000003.2158641443.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wcz289366876a.exe, 00000000.00000003.2157261471.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpdb.Pdb source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Initial commands are read from .pdbrc files in your home directory source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp, wcz289366876a.exe, 00000003.00000002.3422683787.000002115761F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: wcz289366876a.exe, 00000000.00000003.2158407135.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: .pdbrc source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: wcz289366876a.exe, 00000000.00000003.2157703180.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\opencv-python\opencv-python\_skbuild\win-amd64-3.9\cmake-build\lib\python3\Release\cv2.pdb source: wcz289366876a.exe, 00000003.00000002.3430881070.00007FFD90B6A000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: wcz289366876a.exe, 00000000.00000003.2158791214.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: wcz289366876a.exe, 00000000.00000003.2158529756.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: wcz289366876a.exe, 00000000.00000003.2157819676.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: wcz289366876a.exe, 00000000.00000003.2158859835.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: wcz289366876a.exe, 00000003.00000002.3420357783.0000021155E70000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: The standard debugger class (pdb.Pdb) is an example. source: wcz289366876a.exe, 00000003.00000002.3422323267.00000211573A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: wcz289366876a.exe, 00000000.00000003.2157261471.000001F7A1814000.00000004.00000020.00020000.00000000.sdmp

Source: wcz289366876a.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: wcz289366876a.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: wcz289366876a.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: wcz289366876a.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: wcz289366876a.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Drops PE files

Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingtk.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\tcl86t.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\linalg\_umath_linalg.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_common.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_webp.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\selenium\webdriver\common\windows\selenium-manager.exe	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\libssl-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingmath.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\charset_normalizer\md__mypyc.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\src\chromedriver.exe	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\libcrypto-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\tk86t.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy.libs\msvcp140-d64049c6e3865410a7dda6a7e9f0c575.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_generator.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_pcg64.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\_core\_multiarray_tests.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_sfc64.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\bit_generator.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingcms.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\libffi-8.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\_core\_multiarray_umath.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\cv2\opencv_videoio_ffmpeg4100_64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingft.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\charset_normalizer\md.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_bounded_integers.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_elementtree.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\fft\_pocketfft_umath.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\mtrand.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\zlib1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy.libs\libscipy_openblas64_-c16e4918366c6bc1f1cd71e28ca36fc0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_mt19937.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imaging.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_tkinter.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\cv2\cv2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\python312.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_philox.cp312-win_amd64.pyd	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 48080
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 48080

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\wcz289366876a.exe

0_2_00007FF7E2A05830

Source: C:\Users\user\Desktop\wcz289366876a.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingcms.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\_core\_multiarray_umath.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingtk.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\linalg\_umath_linalg.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\cv2\opencv_videoio_ffmpeg4100_64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_common.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_webp.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingft.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\selenium\webdriver\common\windows\selenium-manager.exe	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\charset_normalizer\md.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\charset_normalizer\md__mypyc.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imagingmath.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\src\chromedriver.exe	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_bounded_integers.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_elementtree.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\fft\_pocketfft_umath.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\mtrand.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_generator.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_pcg64.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\_core\_multiarray_tests.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_mt19937.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_sfc64.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL\_imaging.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_tkinter.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\cv2\cv2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\bit_generator.cp312-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\python312.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wcz289366876a.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62282\numpy\random\_philox.cp312-win_amd64.pyd	Jump to dropped file

Found evasive API chain checking for process token information

Source: C:\Users\user\Desktop\wcz289366876a.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

Found large amount of non-executed APIs

Source: C:\Users\user\Desktop\wcz289366876a.exe

API coverage: 4.9 %

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\Desktop\wcz289366876a.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A09280 FindFirstFileExW,FindClose,	0_2_00007FF7E2A09280
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF7E2A083C0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF7E2A21874
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A09280 FindFirstFileExW,FindClose,	3_2_00007FF7E2A09280
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	3_2_00007FF7E2A083C0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	3_2_00007FF7E2A21874

Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI62282\	Jump to behavior

Source: wcz289366876a.exe, 00000003.00000002.3420122272.0000021155B86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: wcz289366876a.exe, 00000003.00000002.3426377278.000002115E490000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: hgfsetSaturationWeight

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\wcz289366876a.exe

Code function: 0_2_00007FF7E2A0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF7E2A0D12C

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\wcz289366876a.exe

Code function: 0_2_00007FF7E2A23480 GetProcessHeap,

0_2_00007FF7E2A23480

Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF7E2A0D12C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A0D30C SetUnhandledExceptionFilter,	0_2_00007FF7E2A0D30C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A0C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF7E2A0C8A0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 0_2_00007FF7E2A1A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF7E2A1A614
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FF7E2A0D12C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A0D30C SetUnhandledExceptionFilter,	3_2_00007FF7E2A0D30C
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A0C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00007FF7E2A0C8A0
Source: C:\Users\user\Desktop\wcz289366876a.exe	Code function: 3_2_00007FF7E2A1A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FF7E2A1A614

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\wcz289366876a.exe	Process created: C:\Users\user\Desktop\wcz289366876a.exe "C:\Users\user\Desktop\wcz289366876a.exe"			Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"			Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\wcz289366876a.exe

Code function: 0_2_00007FF7E2A29570 cpuid

0_2_00007FF7E2A29570

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\PIL VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\encoding VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\http1.0 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\msgs VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\opt0.4 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\Africa VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America\Argentina VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America\Argentina VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America\Argentina VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_tcl_data\tzdata\America VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62282\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wcz289366876a.exe	Queries volume information: C:\Users\user\Desktop\wcz289366876a.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\wcz289366876a.exe

Code function: 0_2_00007FF7E2A0D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF7E2A0D010

Source: C:\Users\user\Desktop\wcz289366876a.exe

Code function: 0_2_00007FF7E2A25C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF7E2A25C00

ID:	1562223
Product:	CloudBasic
Start time:	11:09:16
Start date:	25.11.2024
Sample:	wcz289366876a.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	e3693d3a0b2bf09076ea7c22a688b82b
SHA1:	706c884385d7eccaa9fc2d2f2e0a96a2cbce7117
SHA256:	35452979315434b7c86b41924800c16604facf528f828b6164ff2cc58a823dcb
Filetype:	Win64 Executable GUI (202006/5) 77.37%

Windows Analysis Report
wcz289366876a.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted URLs

Windows Analysis Report wcz289366876a.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted URLs

Windows Analysis Report
wcz289366876a.exe